[#30261] - [4.0] add input validation pattern copied from DatabaseHelper
- Closed
- 21 Oct 2020
- Medium
- Build: 4.0-dev
- # 30261
- Diff
- hans2103:feature/input-validation-on-db_name
User tests: Successful: Unsuccessful:
Pull Request for Issue # .
Summary of Changes
This PR will perform HTML5 validation on installation input field db_name.
It is in Joomla for DB type = MySQL or MySQLi not allowed to use a period in the database name.
see the current check in installation DatabaseHelper
joomla-cms/installation/src/Helper/DatabaseHelper.php
Lines 240 to 243 in 1b5cc36
Testing Instructions
-
Follow Joomla installation instructions for J4 on https://docs.joomla.org/J4.x:Setting_Up_Your_Local_Environment
-
When you fill the input field
db_nameuse a name with a period => example :joomla.joomla4.install -
Continue filling the form and press button Setup Database Connection >
-
The form does not continue... seemingly without any warning
-
apply this PR
-
run
npm run build:jsand press button Setup Database Connection > again.... the form will not continue, but extended with a error message nearby the input fielddb_name
Actual result BEFORE applying this Pull Request
The attribute aria-invalid of field db_name field will remain false (instead of true) and the className of the wrapping form-group will remain has-success instead of has-danger. The Joomla core form-validator.js does not interfere.
Scroll to the top of the page to see the warning.
Expected result AFTER applying this Pull Request
When applying this PR the Joomla form-validator.js will interfere and HTML5 logic will be applied. Attribute aria-invalid will change from false into true and the className of the wrapping form-group will change from has-success into has-danger. Since there is no title attribute provided on this input field, the browser default message will appear.
Documentation Changes Required
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Installation |
@richard67 you are right.
The proposed solution is not correct... but the issue remains.
What's next? The pattern should be removed I guess and another solution has to be written.
Anyone a suggestion for a proper solution?
| Title |
|
||||||
Am I correct in assuming that the problem you are trying to resolve is the positioning of the error message?
Am I correct in assuming that the problem you are trying to resolve is the positioning of the error message?
Or scroll the error message into view.
As you can see on the code of the current implementation it only returns a message.
It does not change the attributes aria-invalid (from false to true) nor does it change the className has-success into has-danger.
joomla-cms/installation/src/Helper/DatabaseHelper.php
Lines 240 to 243 in 1b5cc36
I agree that you have identified a genuine problem. However html5 validation is not the way to go as I have been regularly told.
I agree that you have identified a genuine problem. However html5 validation is not the way to go as I have been regularly told.
@brianteeman can you explain me why HTML5 form validation is not the way to go?
| Labels |
Added:
?
?
|
||
See #30261 (comment) so it should be set to Draft?
I didn't manage to find a solution to check both MySQL(i) only also for PostgreSQL other then implementing two new fields:
- db_name-mysql => will appear when selecting DB type = MySQL
- db_name-postgressql => will appear when selecting DB type = PostgresSQL
and after valid input they will fill hidden field db_name
That was what I was thinking about could be a solution to use HTML5 form validation.
Would that be a proper solution?
I didn't manage to find a solution to check both MySQL(i) only also for PostgreSQL other then implementing two new fields:
* db_name-mysql => will appear when selecting DB type = MySQL
* db_name-postgressql => will appear when selecting DB type = PostgresSQLand after valid input they will fill hidden field db_name
That was what I was thinking about could be a solution to use HTML5 form validation.
Would that be a proper solution?
That could be indeed the only possible way since we don't have something like "showon" for controlling if something is shown also for the rules, i.e. control by field values of field x the validation rules of field y.
P.S.: But I'm not sure if it needs the hidden field, or if that would not even open a security hole. If you store the validated value and assume the value in the hidden field is validated when using it on server side, one might hack that by modifying the hidden field value with broswer tools at the right time. So maybe on server side there should be a check which of these fields to be used when doing the server-side validation? I could help with info where to find that, if necessary.
Closing this issue, since I don't know how to solve this.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-10-21 07:19:06 |
| Closed_By | ⇒ | hans2103 | |
| Labels |
Added:
?
Removed: ? |
||
If I get it right, this PR enforces the rule which is meant for MySQL(i) only also for PostgreSQL.