#5534 - No server-side field validation for field hooks (catalogues)

By PDStig
Added 6th Jan 2024, 7:55 PM
6 views

Identifier	#5534
Issue type	Major issue (breaks an entire feature)
Title	No server-side field validation for field hooks (catalogues)
Status	Completed
Handling member	PDStig
Version	10.0.44
Addon	catalogues
Description	There is no server-side validation when adding or editing catalogue entries. The only validation is JavaScript-side. But someone can modify or bypass the JS in their browser to force validation to pass, thereby resulting in the form getting submitted and the catalogue entry having invalid values. This bug also exists in v11.
Steps to reproduce
Funded?	No
Commits	Fixed MANTIS-5534 (No server-side field validation for field hooks (catalogues)) (7a460e1e) · Commits · Composr ecosystem / Composr · GitLab

The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".

Rating

Unrated

Comments

By Guest posted 6th Jan 2024, 10:45 PM

Automated response: No server-side field validation for field hooks (catalogues)

There is no server-side validation when adding or editing catalogue entries. The only validation is JavaScript-side. But someone can modify or bypass the JS in their browser to force validation to pass, thereby resulting in the form getting submitted and the catalogue entry having invalid values.

This fix adds required field validation on a high-level (wherever the hooks are called) and field-specific validation where it was missing in inputted_to_field_value.

By Guest posted 6th Jan 2024, 10:48 PM

Do NOT use themes/default/javascript/checking.js in the hotfix; I accidentally committed test code.

By Guest posted 11th Jan 2024, 9:01 AM

Another issue I forgot to mark resolved. This was implemented in v11 too a couple days ago. Not a perfect solution but it gets the job done.

#5534 - No server-side field validation for field hooks (catalogues)

Rating

Comments

Statistics