fix: [attribute] validation tightened for empty strings

- a value containing only control characters will now be blocked from entry

app/Model/Attribute.php

@@ -205,6 +205,10 @@ class Attribute extends AppModel
             'stringNotEmpty' => array(
                 'rule' => array('stringNotEmpty')
             ),
+            'stringControlCharacters' => array(
+                'rule' => array('stringNotControlCharacters'),
+                'message' => 'Value provided consists purely of control characters and is therefore considered to be empty.'
+            ),
             'validComposite' => array(
                 'rule' => array('validComposite'),
                 'message' => 'Composite type found but the value not in the composite (value1|value2) format.'
@@ -626,6 +630,19 @@ class Attribute extends AppModel
         return true;
     }
 
+    public function stringNotControlCharacters($fields)
+    {
+        if (ctype_cntrl($this->data['Attribute']['value1'])) {
+            return false;
+        }
+        if (in_array($this->data['Attribute']['type'], $compositeTypes, true)) {
+            if (ctype_cntrl($this->data['Attribute']['value2'])) {
+                return false;
+            }
+        }
+        return true;
+    }
+
     public function maxTextLength($fields)
     {
         if (strlen($fields['value']) > 65535) {