Should $request->getPost() and others modify data even when no filtering specified?
#5

(04-09-2021, 04:26 AM)MGatner Wrote:
(04-01-2021, 02:39 PM)andre.tannus Wrote: I believe the culprit is filter_var($value, $filter, $flags), which will convert nulls to empty string even if FILTER_UNSAFE_RAW (which according to php docs should let any value through).

I did read your post, and your above uncertainty is what led me to ask my questions. I have not looked at the code, but if we are already using a flag that is supposed to allow null values then it seems to me the source of the issue is still uncertain. If you feel confident in your assessment and solution you are very welcome to submit a PR. I cannot say without seeing the changes whether this would be considered a “breaking change” but it sounds to me like you’ve discovered a bug so a fix is in order.


Well, from my tests, filter_var with FILTER_UNSAFE_RAW does convert nulls to empty strings. This may have stayed under the radar since it is being used to filter POST data, which is always in string format. One of my concerns is people implicitly relying on the data being composed exclusively of strings, but that will remain true as long as they are not fiddling with it in a Filter. But again, if they are, and rely on this cast to prevent, say, nulls from being sent to the db, then it will break things somewhere.

Shall I roll up my sleeves?


Messages In This Thread
RE: Should $request->getPost() and others modify data even when no filtering specified? - by andre.tannus - 04-09-2021, 07:09 AM
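
The behaviour discussed in this post, as an added example that is not part of the thread or of the framework's code: it runs `filter_var()` with `FILTER_UNSAFE_RAW` over non-string values and compares the result with a pass-through that skips filtering when no filter is requested. The helper `fetch_value()` and the sample array are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input. Raw $_POST only ever holds strings and arrays,
// but a decoded JSON body or data modified by a filter can hold other types.
$input = [
    'name'    => 'alice',
    'deleted' => null,
    'age'     => 42,
    'active'  => false,
];

/**
 * Hypothetical helper (not the framework's implementation): when the caller
 * did not ask for a filter, return the stored value untouched instead of
 * routing it through filter_var(), so its type is preserved.
 */
function fetch_value(array $data, string $key, ?int $filter = null, int $flags = 0)
{
    if (! array_key_exists($key, $data)) {
        return null;
    }
    if ($filter === null) {
        return $data[$key];
    }
    return filter_var($data[$key], $filter, $flags);
}

foreach ($input as $key => $value) {
    // Path described in the post: filter_var() is always called, even with
    // FILTER_UNSAFE_RAW, and scalars and nulls come back as strings.
    $filtered = filter_var($value, FILTER_UNSAFE_RAW);

    // Pass-through path: no filter requested, so no conversion happens.
    $raw = fetch_value($input, $key);

    printf(
        "%-8s original=%-10s filter_var=%-10s pass-through=%s\n",
        $key,
        var_export($value, true),
        var_export($filtered, true),
        var_export($raw, true)
    );
}
```

Code that applies `=== null` or `is_int()` checks to request data sees different results on the two paths, which is the compatibility concern raised in the post.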


