$this->validator->getValidated() looks stupid and unnecessary
#11

(This post was last modified: 10-09-2023, 08:07 PM by MrWhite.)

(10-09-2023, 09:21 AM)sammyskills Wrote: Feel free to send a PR!

I wish I could! But I don't think I have a good hang of the framework inside out.

(10-09-2023, 01:52 PM)kenjis Wrote:
(10-09-2023, 04:48 AM)MrWhite Wrote: If the $this->validate() method is working fine then why do we need this new method? If $this->validate() returns true then we can be sure about the submitted data.

Because $this->validate() is broken. Even if $this->validate() returns true then we cannot be sure about the submitted data.
The true issue is what data $this->validate() validates.

If you create a normal form, you expect the data is POST data. But it is not sure $this->validate() validates it.

(10-09-2023, 04:48 AM)MrWhite Wrote: If $this->validate() has got any security issues, then that method is the one we have to fix, instead of introducing new methods.

Yes, you are correct. But it seems impossible to me. If you can, feel free to send a Pull Request for it.
I wish I could, man. But if you were not able to fix that method, I'm sure I won't be able to either. You are much more capable than me :)

(10-09-2023, 01:56 PM)kenjis Wrote:
(10-09-2023, 08:35 AM)MrWhite Wrote: And we do it intentionally sometimes, because there are some situations where we don't want some fields to be validated.

In my understanding, all data always should be validated. No exception.
Why don't you want some fields to be validated?

As an example, let's say we have an optional checkbox. We don't care about its value or whether it's submitted or not. We only care about whether that checkbox is in the submitted data array or not. For that kind of situation I don't feel like adding validation.

(10-09-2023, 02:01 PM)kenjis Wrote: A simple solution is to use $this->validateData() instead of $this->validate().
https://codeigniter4.github.io/CodeIgnit...lidatedata

Thanks, I will use the validateData() method instead of the validate() method.
This reply was very helpful.

(10-09-2023, 02:04 PM)kenjis Wrote: @MrWhite Does the following note in the User Guide answer your question?

Quote:Warning

When you use the validate() method, you should use the getValidated() method to get the validated data. Because the validate() method uses the Validation::withRequest() method internally, and it validates data from $request->getJSON() or $request->getRawInput() or $request->getVar(), and an attacker could change what data is validated.

https://codeigniter4.github.io/CodeIgnit...s-validate

It could be better if this description highlighted the validateData() method.

Thanks for all the hard work @kenjis, appreciate that.
Reply
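The difference discussed in this post, shown as an added example that is not part of the thread or of CodeIgniter's own code: validate() followed by a direct read of POST, beside validateData() with an explicit source and getValidated(). The controller name, field names, rules and the checkbox value "1" are assumptions for illustration.

```php
<?php

namespace App\Controllers;

use CodeIgniter\Controller;

// Hypothetical controller; field names and rules are assumptions.
class Signup extends Controller
{
    private array $rules = [
        'email'      => 'required|valid_email|max_length[254]',
        // Optional checkbox: may be absent, but if sent it must be "1".
        'newsletter' => 'permit_empty|in_list[1]',
    ];

    // Risky pattern: validate() chooses its own input source (JSON body,
    // raw input or getVar()), while the code below reads POST. The data
    // that was checked and the data that is used can differ.
    public function createRisky()
    {
        if (! $this->validate($this->rules)) {
            return $this->response->setStatusCode(422)
                ->setJSON($this->validator->getErrors());
        }
        $data = $this->request->getPost(); // not necessarily what was validated

        return $this->response->setJSON(['fields' => array_keys($data)]);
    }

    // Safer pattern: name the source explicitly, then use only the data
    // returned by getValidated().
    public function create()
    {
        $post = $this->request->getPost();

        if (! $this->validateData($post, $this->rules)) {
            return $this->response->setStatusCode(422)
                ->setJSON($this->validator->getErrors());
        }
        $data = $this->validator->getValidated();
        // Works whether the checkbox was omitted or sent as "1".
        $wantsNewsletter = ($data['newsletter'] ?? '') === '1';

        return $this->response->setJSON([
            'email'      => $data['email'],
            'newsletter' => $wantsNewsletter,
        ]);
    }
}
```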