Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#31698] - [4.0] Add User ID validation to fields

? ? Pending

User tests: Successful: Unsuccessful:

avatar wilsonge
wilsonge
18 Dec 2020

Pull Request for Issue #30969 .

Summary of Changes

Adds a new validation rule for having a valid user ID and applies it to all form fields in the CMS of type user.

Testing Instructions

Joomla 4 -> Edit any article (sample data or manually create one and hit save)

Edit HTML of the edit page with inspector tools

change the value of jform_created_by_id field

Before patch: If you hit save you'll get a database validation error Save failed with the following error: Incorrect integer value: 'Mr Hacker' for column 'created_by' at row 1 (see original issue for screenshot). After patch:

Screenshot 2020-12-18 at 04 57 12

You can also try and do the same thing with an invalid user id (e.g. 999999) - note before patch an integer id even if not valid was saved to the DB. After the patch it will not be.

Backwards Compatibility

There is one issue here which is that articles which were created by deleted users now will NOT save to the database until they are changed to point to a user that does exist. I'm unsure how serious to rank this as an issue (you will get an error like the following :-

Screenshot 2020-12-18 at 04 59 00

but it will still save)

Documentation Changes Required

Possibly relating to the deleted users comment.

/cc @joomla/security

avatar wilsonge wilsonge - open - 18 Dec 2020
avatar wilsonge wilsonge - change - 18 Dec 2020
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 18 Dec 2020
Category Administration com_banners com_categories com_contact com_content com_fields com_finder com_newsfeeds com_tags com_users Front End Libraries Plugins
avatar wilsonge wilsonge - change - 18 Dec 2020
The description was changed
avatar wilsonge wilsonge - edited - 18 Dec 2020
avatar wilsonge wilsonge - change - 18 Dec 2020
The description was changed
avatar wilsonge wilsonge - edited - 18 Dec 2020
avatar wilsonge wilsonge - change - 18 Dec 2020
Labels Added: ?
avatar wilsonge
wilsonge - comment - 18 Dec 2020

OK I pushed up the actual working version to the wrong remote last night ? Some of this fixes your comments @Denitz (like the required field properties and the value returned).

avatar wilsonge wilsonge - change - 22 Dec 2020
Title
First pass at user id validation
[4.0] Add User ID validation to fields
avatar wilsonge wilsonge - edited - 22 Dec 2020
avatar ceford
ceford - comment - 3 Jan 2021

I have tested this item successfully on 44f8b35

I can confirm:
before the patch an in valid user ID is saved - two messages: Article Saved (success) and Unable to find user with the ID: 800 (warning).
with the patch an invalid user ID is not saved - two messages combined as one warning: Invalid field: Created By and Unable to find user with the ID: 800.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31698.

avatar ceford ceford - test_item - 3 Jan 2021 - Tested successfully
avatar gostn
gostn - comment - 10 Jan 2021

I have tested this item successfully on 44f8b35

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31698.

avatar gostn gostn - test_item - 10 Jan 2021 - Tested successfully
avatar alikon alikon - change - 10 Jan 2021
Status Pending Ready to Commit
avatar alikon
alikon - comment - 10 Jan 2021

RTC

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/31698.

avatar richard67 richard67 - change - 13 Jan 2021
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2021-01-13 18:17:21
Closed_By richard67
Labels Added: ?
avatar richard67 richard67 - close - 13 Jan 2021
avatar richard67 richard67 - merge - 13 Jan 2021
avatar richard67
richard67 - comment - 13 Jan 2021

Thanks!

Add a Comment

Login with GitHub to post a comment