[#34284] - [4.0] Use validate="options" for filelist and folderlist fields
- Fixed in Code Base
- 30 May 2021
- Medium
- Build: 4.0-dev
- # 34284
- Diff
- richard67:4.0-dev-filelist-folderlist-validate-options
User tests: Successful: Unsuccessful:
Pull Request for Issue #34262 .
Summary of Changes
This pull request (PR) adds validate="options" to all fields of type "filelist" or "folderlist" in forms XML files to ensure server-side validation of the submitted values.
Testing Instructions
See issue #34262 : Edit one of the forms modified by this PR, select a value for a field modified by this PR, then inspect that field with the developer tools of your browser, modify the value to something not existing or bad in the DOM, like described in the issue, and save.
Without the PR you can save, with the PR you can't and get an invalid field validation message.
With the PR applied, verify in addition that selecting values and submitting the form without hacking the value in the DOM still works the same as without the PR.
Following fields in following forms are modified with this PR:
- System -> Manage -> Content languages, edit a language, field "Image"
- System -> Templates -> Mail Templates, edit a template -> Add attachment at the bottom, field "File" for that attachment
- System -> Plugins, edit the "Editor - CodeMirror" plugin, field "Theme" in tab "Appearance Options"
- System -> Plugins, edit the "Editor - TinyMCE" plugin, fields "Site Skin", "Administrator Skin", "Content Template Directory" and "Language Code" (only shown if "Automatic Language Selection" is "Off").
- System -> Plugins, edit the "Fields - Imagelist" plugin, field "Directory".
- System -> Plugins, edit the "Fields - Media" plugin, field "Directory".
- System -> Plugins, edit the "FileSystem - Local" plugin, dropdown field for each folder.
Actual result BEFORE applying this Pull Request
Values of fields of type "filelist" or "imagelist" are not validated against the available options on server side when submitting the form.
Expected result AFTER applying this Pull Request
Values of fields of type "filelist" or "imagelist" are validated against the available options on server side when submitting the form.
Selecting and submitting valid values works as well as without this PR.
Documentation Changes Required
None.
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Administration com_languages Front End Plugins |
| Title |
|
||||||
Im going to mark this PR content as successful BUT the options validation rule DOESN'T validate enough.
If you manipulate the HTML option value in a select list which has in its field definition validate="options", and set the value="" when no "" value existed in the options previously, the validation will still PASS when the form is submitted! This is not correct, because this is a manipulated value, and "" did not exist in the options to choose from. Forked to #34293
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/34284.
Thanks. The more we fix, the more we find to be fixed ... reminds me to an ancient Greece guy who had to roll a stone up a hill again and again ... and again ...
And this is after almost a decade of Joomla 4 development
/exaggerated Timeline so that the comment ages well.
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2021-05-30 22:57:18 |
| Closed_By | ⇒ | wilsonge | |
| Labels |
Added:
?
|
||
Merging this one as it's fairly simple and straightforward
Thanks all!
Drone failure seems unrelated to this PR but to be a RIPS problem in the 4.0-dev branch. @zero-24 or @SniperSister Could you check? Thanks in advance.