datagrid icon indicating copy to clipboard operation
datagrid copied to clipboard
verified publisher icon nextras

Do not accept invalid filter values

Open milo opened this issue 8 years ago • 5 comments

The filter values are passed to datasource callback even the form is invalid. It can be problem when sanitized value is expected, let's say MAC or IP address. Not sure how to change the behaviour, maybe do not redirect and do not pass filter values.

milo avatar Mar 15 '17 21:03 milo

Well, I'd like the form be linkable, so only a get method would be solution, am I right?

hrach avatar Mar 15 '17 21:03 hrach

Or get only $control->isValid() values here?

milo avatar Mar 16 '17 15:03 milo

Oh, I see, yeah, there should be "validation", but it will be still possible to pass invalid value from url - are you ok with it?

hrach avatar Mar 16 '17 15:03 hrach

It's OK. IMHO important is, that datasource callback does not obtain invalid filter.

milo avatar Mar 17 '17 08:03 milo

With newer nette/forms (I use v3.1.3) warning is emmited:

User Warning
Nette\Forms\Container::getValues() invoked but the form is not valid.

milo avatar Oct 05 '21 09:10 milo