Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Development Issues Array passes form validation for string element with the same name -- how to fix?
Array passes form validation for string element with the same name -- how to fix?
  • Offline Stanzi1791
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: Sep 2018
    Reputation: 0
#1
09-25-2018, 01:55 PM

I've set up form validation for (amongst other fields) a text input box with the name "cms", this is in my application\config\form_validation.php file:

    // ...

        array(
            'field' =>  'cms',
            'label' =>  'CMS',
            'rules' =>  'is_natural_no_zero' 
        ),

    // ...

If I use a regular <input name="cms" value="value"> this works fine.

Yet, if I tweak the html for the form, and send a "cms" array to the controller instead of a string value, like this 

<input name="cms[]" value="some"><input name="cms[]" value="other">

this array passes the validation rule! Which is not what I want, nor what I expected.

I would expect (and want) the form validation to fail if an array instead of a string value was submitted.
Is there a way to enforce this in CodeIgniter (using validation rules)?
Reply
  • Offline dave friend
    Posting Freak
  • *****
  • Posts: 1,015
    Threads: 15
    Joined: Jun 2015
    Reputation: 50
#2
09-25-2018, 09:04 PM

If the field name is an array - i.e. cms[] - then you must use the exact same for your Validation Rule field name. e.g.

PHP Code:
$this->form_validation->set_rules('cms[]''CMS''is_natural_no_zero'); 

See Using Arrays as Field Names
Reply
  • Offline Stanzi1791
    Newbie
  • *
  • Posts: 2
    Threads: 1
    Joined: Sep 2018
    Reputation: 0
#3
09-26-2018, 02:47 AM
(This post was last modified: 09-26-2018, 08:07 AM by Stanzi1791.)

(09-25-2018, 09:04 PM)dave friend Wrote: If the field name is an array - i.e. cms[] - then you must use the exact same for your Validation Rule field name. e.g.

PHP Code:
$this->form_validation->set_rules('cms[]''CMS''is_natural_no_zero'); 

See Using Arrays as Field Names

Thank you for your reply. I understand that if I want to use an array, I have to alter the validation rules.

But that is not what my question is about: I was trying to simulate the case where someone sends a forged post request to my controller, in which case it shouldn't validate.

After some further research I really do think there's a bug in CodeIgniter's the form validation code.

I fixed it by creating a file at application\libraries\MY_Form_validation.php, copying the _execute function, and replacing this

// If we get an array field, but it's not expected - then it is most likely
// somebody messing with the form on the client side, so we'll just consider
// it an empty field
$postdata = is_array($this->_field_data[$row['field']]['postdata'])
? NULL
: $this->_field_data[$row['field']]['postdata'];

with this

// If we get an array field, but it's not expected - then it is most likely
// somebody messing with the form on the client side, so we'll just consider
// it an empty field
$postdata = is_array($this->_field_data[$row['field']]['postdata'])
? ""
: $this->_field_data[$row['field']]['postdata'];
$this->_field_data[$row['field']]['postdata'] = $postdata;


(Using NULL won't work here, because NULL values are not re-assigned to the $_POST array by the _reset_post_array function.)
Reply




Theme © iAndrew 2016 - Forum software by © MyBB