CI 4.6.0 and myth-auth 1.2.1 - fill placeholders problem
#1

(This post was last modified: 02-19-2025, 02:01 AM by krystianrzepa.)

Hi
I recently updated CodeIgniter to version 4.6.0 and myth-auth to 1.2.1. After the update the whole app is working fine, but unfortunately adding and editing groups and permissions does not work. I get this error:
Quote:
PHP Code:
CRITICAL - 2025-02-18 13:56:04 --> CodeIgniter\Exceptions\LogicException: The placeholder field cannot use placeholder: name
[Method: POST, Route: admin/permission]
in SYSTEMPATH\Validation\Validation.php on line 814.
 1 SYSTEMPATH\Validation\Validation.php(156): CodeIgniter\Validation\Validation->fillPlaceholders([...], [...])
 2 SYSTEMPATH\BaseModel.php(1576): CodeIgniter\Validation\Validation->run([...], null, null)
 3 SYSTEMPATH\BaseModel.php(808): CodeIgniter\BaseModel->validate([...])
 4 SYSTEMPATH\Model.php(800): CodeIgniter\BaseModel->insert([...], false)
 5 SYSTEMPATH\BaseModel.php(750): CodeIgniter\Model->insert([...], false)
 6 APPPATH\Controllers\Users\PermissionController.php(64): CodeIgniter\BaseModel->save([...])
 7 SYSTEMPATH\CodeIgniter.php(933): App\Controllers\Users\PermissionController->create()
 8 SYSTEMPATH\CodeIgniter.php(507): CodeIgniter\CodeIgniter->runController(Object(App\Controllers\Users\PermissionController))
 9 SYSTEMPATH\CodeIgniter.php(354): CodeIgniter\CodeIgniter->handleRequest(null, Object(Config\Cache), false)
10 SYSTEMPATH\Boot.php(334): CodeIgniter\CodeIgniter->run()
11 SYSTEMPATH\Boot.php(67): CodeIgniter\Boot::runCodeIgniter(Object(CodeIgniter\CodeIgniter))
12 FCPATH\index.php(56): CodeIgniter\Boot::bootWeb(Object(Config\Paths))
My PermissionController.php file:
PHP Code:
<?php

namespace App\Controllers\Users;

use App\Controllers\BaseController;
use App\Entities\Collection;
use App\Models\PermissionModel;
use CodeIgniter\API\ResponseTrait;

/**
 * Class PermissionController.
 */
class PermissionController extends BaseController
{
    use ResponseTrait;

    /** @var \App\Models\PermissionModel */
    protected $permission;

    /**
     * __construct.
     *
     * @return void
     */
    public function __construct()
    {
        $this->permission = new PermissionModel();
    }

    /**
     * Create a new resource object, from "posted" parameters.
     *
     * @return \CodeIgniter\HTTP\ResponseInterface
     */
    public function create()
    {
        // save() runs the model's validation rules on the raw POST data
        if (!$data = $this->permission->save($this->request->getPost())) {
            return $this->fail($this->permission->errors());
        }

        return $this->respondCreated($data, lang('my_app.permission.msg.msg_insert'));
    }
}

My PermissionModel.php file:
PHP Code:
<?php

namespace App\Models;

use Myth\Auth\Models\PermissionModel as BaseModel;

class PermissionModel extends BaseModel
{
    const ORDERABLE = [
        1 => 'name',
        2 => 'description',
    ];
}

It seems to me that the problem is in the PermissionModel file from the myth-auth library, where there are such rules:
PHP Code:
    protected $validationRules = [
        'name'        => 'required|max_length[255]|is_unique[auth_permissions.name,name,{name}]',
        'description' => 'max_length[255]',
    ]; 

According to docs:
Quote: Since v4.3.5, you must set the validation rules for the placeholder field (the id field in the sample code above) for security reasons. Because attackers can send any data to your application.

I'm not sure if you can do rules this way and if this is the cause of the problem (name field in name field rules).

I temporarily did something like this in my PermissionModel.php file and everything is working fine, but I'm not sure if this is the correct way:
PHP Code:
    public function save($data): bool
    {
        // Insert path: plain uniqueness check, no placeholder
        $this->validationRules = [
            'name'        => 'required|max_length[255]|is_unique[auth_permissions.name]',
            'description' => 'max_length[255]',
        ];

        return parent::save($data);
    }

    public function update($id = null, $data = null): bool
    {
        // Update path: $id is interpolated by PHP into the rule string
        // so the row being edited is ignored by is_unique
        $this->validationRules = [
            'name'        => "required|max_length[255]|is_unique[auth_permissions.name,id,{$id}]",
            'description' => 'max_length[255]',
        ];

        return parent::update($id, $data);
    }


Thank you in advance for your help.
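Added example, not part of the original post and not myth-auth's own code: a sketch of the model with the rules rewritten to follow the pattern in the docs passage quoted above, where the placeholder refers to the `id` field and `id` has validation rules of its own. It assumes `auth_permissions` has an `id` primary key and that updates are saved with `id` present in the data array.

```php
<?php

namespace App\Models;

use Myth\Auth\Models\PermissionModel as BaseModel;

class PermissionModel extends BaseModel
{
    public const ORDERABLE = [
        1 => 'name',
        2 => 'description',
    ];

    // Inherited rule quoted in the post, for comparison. The `name` rule
    // uses its own submitted value as the placeholder, which is what the
    // LogicException in the log above complains about:
    //
    //   'name' => 'required|max_length[255]|is_unique[auth_permissions.name,name,{name}]',

    protected $validationRules = [
        // Rules for the placeholder field itself. The framework validates
        // `id` against these before substituting it into `{id}` below, so
        // only a positive integer can reach the is_unique rule string.
        // permit_empty lets inserts pass, where no id is submitted.
        'id'          => 'permit_empty|is_natural_no_zero',

        // `{id}` is filled from the data being validated. On update it
        // makes is_unique ignore the row being edited. It is only filled
        // when `id` is a key of the data array (assumption: the caller
        // passes it, e.g. save(['id' => $id, 'name' => ...])).
        'name'        => 'required|max_length[255]|is_unique[auth_permissions.name,id,{id}]',

        'description' => 'max_length[255]',
    ];
}
```

Unlike building the rule with `"{$id}"` in a double-quoted PHP string, this keeps the ignore value on the validated placeholder path, so no request-supplied value is spliced into the rule string unchecked.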