Skip to content

Fix: anchor MasterCard credit-card pattern (missing ^ regressed in 94a79c033)#1774

Open
nikkoenggaliano wants to merge 1 commit into
Respect:3.1from
nikkoenggaliano:patch-1
Open

Fix: anchor MasterCard credit-card pattern (missing ^ regressed in 94a79c033)#1774
nikkoenggaliano wants to merge 1 commit into
Respect:3.1from
nikkoenggaliano:patch-1

Conversation

@nikkoenggaliano
Copy link
Copy Markdown

@nikkoenggaliano nikkoenggaliano commented May 30, 2026

The MasterCard entry in CreditCard's BRAND_REGEX_LIST is the only one of the eight brand patterns missing a leading ^ anchor. Because of this, v::creditCard('MasterCard') accepts inputs that are not valid MasterCard numbers specifically, Luhn-valid digit strings longer than 16 digits whose trailing 16 digits match the MasterCard pattern.

use Respect\Validation\Validator as v;

// 16-digit MasterCard from the docs — correctly accepted
var_dump(v::creditCard('MasterCard')->isValid('5376747397208720')); // true (OK)

// 17-digit, Luhn-valid, NOT a MasterCard — wrongly accepted today
var_dump(v::creditCard('MasterCard')->isValid('05105105105105100')); // true (BUG; should be false and rejected? No?)

Self-contained demonstration (no Composer needed), mirroring evaluate() +
Luhn::isValid() and using the verbatim shipped regex:

input                | luhn  | shipped  | fixed   | expectation
--------------------------------------------------------------------------------
5376747397208720     | pass  | ACCEPT   | ACCEPT  | valid 16-digit MasterCard -> must ACCEPT
05105105105105100    | pass  | ACCEPT   | reject  | INVALID 17-digit number   -> must REJECT

Fix

- self::MASTERCARD => '/(5[1-5]|2[2-7])\d{14}$/',
+ self::MASTERCARD => '/^(5[1-5]|2[2-7])\d{14}$/',

Regression test

Add to providerForInvalidInput() in tests/unit/Validators/CreditCardTest.php (alongside the other $masternegatives):

[$master, '05105105105105100'], // 17-digit (over-long): regression for missing ^ anchor

@nikkoenggaliano
Update Anchor for Regex MASTECARD
9d8e764 
The `MasterCard` entry in `CreditCard`'s `BRAND_REGEX_LIST` is the only one of
the eight brand patterns missing a leading `^` anchor. Because of this,
`v::creditCard('MasterCard')` accepts inputs that are **not** valid MasterCard
numbers specifically, Luhn-valid digit strings **longer than 16 digits**
whose trailing 16 digits match the MasterCard pattern.
@codecov
Copy link
Copy Markdown

codecov Bot commented May 30, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.41%. Comparing base (7d833fb) to head (9d8e764).

Additional details and impacted files 
@@            Coverage Diff            @@
##                3.1    #1774   +/-   ##
=========================================
  Coverage     99.41%   99.41%           
  Complexity     1020     1020           
=========================================
  Files           194      194           
  Lines          2387     2387           
=========================================
  Hits           2373     2373           
  Misses           14       14

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nikkoenggaliano