8000 [Form] User datas are not sufficiently checked · Issue #1962 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Form] User datas are not sufficiently checked #1962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
hlecorche opened this issue Aug 15, 2011 · 3 comments
Closed

[Form] User datas are not sufficiently checked #1962

hlecorche opened this issue Aug 15, 2011 · 3 comments
Labels
Form

Comments

@hlecorche
Copy link
Contributor

TextType has no ClientTransformer. Why ?

With TextType, the client data can be any type !!!! (array eg)

In the example below, if the user data (when sending the form) is an array, the exception "Expected argument of type string, array given in src\Symfony\Component\Validator\Constraints\MaxLengthValidator.php at line 40" is thrown

class Car
{
    /**
     *
     * @Assert\Type("string")
     * @Assert\MaxLength(5)
     */
    public $name;
}
public function bugAction(Request $request)
    {
        $car = new Car();
        $form = $this->createFormBuilder($car)
            ->add('name', 'text')
            ->getForm();

        if ($request->getMethod() == 'POST') {
            $form->bindRequest($request);

            if ($form->isValid()) {
                // perform some action, such as saving the task to the database
            }
        }

        return array('form' => $form->createView());
    }

Second question: Why ScalarToChoiceTransformer does not check if the data (in reverseTransform function) is a scalar value?
@stloyd
Copy link
Contributor
stloyd commented Oct 14, 2011

About ScalarToChoiceTransformer checks it was fixed in #2341.

@stloyd stloyd mentioned this issue Oct 17, 2011
Merged
@stloyd
Copy link
Contributor
stloyd commented Dec 19, 2011

@hlecorche Can you give an feedback in #2421 ?

fabpot added a commit that referenced this issue Dec 21, 2011
@fabpot
merged branch stloyd/missingClientTransformer (PR #2421)
7ea9c5b 
Commits
-------

49d2685 [Form] Add default validation to TextType field (and related)

Discussion
----------

[Form] Add default transformer to TextType field (and related)

Bug fix: yes&no (?)
Feature addition: yes (?)
BC break: no
Symfony2 tests pass: yes
Fixes the following tickets: #1962.

---------------------------------------------------------------------------

by stloyd at 2011/12/19 03:43:37 -0800

@fabpot ping ;-)

---------------------------------------------------------------------------

by fabpot at 2011/12/19 10:58:20 -0800

Is it really needed? I have a feeling that it enforces unneeded constraints, but I can be wrong of course.

---------------------------------------------------------------------------

by hlecorche at 2011/12/20 02:31:03 -0800

It's needed because with TextType field, and without the ValueToStringTransformer, the user data (when sending the form) can be an array !!!

For example:
- if there is a TextType field
- and if there is a MaxLengthValidator
- and if the user data (when sending the form) is an array
So the exception "Expected argument of type string, array given in src\Symfony\Component\Validator\Constraints\MaxLengthValidator.php at line 40" is thrown
@fabpot fabpot closed this as completed Dec 21, 2011
@webmozart
Copy link
Contributor

See #4102 for a related issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Form
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@fabpot @stloyd @webmozart @hlecorche
0