Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Discussion $this->validator->getValidated() looks stupid and unnecessary
$this->validator->getValidated() looks stupid and unnecessary
  • Offline MrWhite
    Member
  • ***
  • Posts: 62
    Threads: 17
    Joined: Sep 2020
    Reputation: -1
#16
10-15-2023, 10:21 PM

(10-15-2023, 03:19 PM)kenjis Wrote: @MrWhite

Yes, in_list should be used. An attacker can send any value to the checklist filed.

> but then we have to add hidden input field for that checkbox.

Why, I don't know.

The problem is when use in_list type validation rules for optional checkboxes, the validator always expect a value to be submitted. if the form submitted with the checkbox unchecked then the validation will fail. I think it should not happen. non submitted inputs should be ignored. to mitigate this issue, we have to use input hidden for all the optional inputs. I think it's a dirty way of handling things.

Here is one of my ci4 apps example.

validation rule
[Image: jmhRldZ.jpg]

the view
[Image: 19qMvsm.jpg]

The validation will pass if i submit the form with checkbox checked. if not validation will fail.
I have double checked that, there is no hidden input field for the checkbox.

Don't you think this is a issue?

If im mistaken, please help me. thanks for your time Smile
Reply


Messages In This Thread
RE: $this->validator->getValidated() looks stupid and unnecessary - by MrWhite - 10-15-2023, 10:21 PM



Theme © iAndrew 2016 - Forum software by © MyBB