Bug #97707

Updated by John Miller almost 2 years ago

TYPO3 unserializes old values and sends them to controller action. 

 Steps to reproduce:
 1) Set up an action that simply returns a default response.
       - Should be blank so to speak.
       - Should have one parameter. For simplicity, make it be a DTO with one
         parameter for the input field and a reference to a simple validator.
 2) Set up the validator. Make it simple, something like if string is longer than 3 characters (or whatever) and return an error if shorter.
 3) Set up a simple form with one input field for the validator and a submit button.
 4) After setup, run the following test.
       - Submit a VALID string. The form will return with no errors.
       - Then, submit an INVALID string. It will be accepted.

 I know. You are like, what?? Yeah. It will be accepted, even though the validator said it has errors. 

 Where things go wrong: 
 Here: @\TYPO3\CMS\Extbase\Mvc\Controller\ActionController::forwardToReferringRequest()@. In this method, @arguments@ are sought from @__referrer@ internal arguments instead of the submitted values. Normally, if errors are found, only two elements are found in the @arguments@ form variable: @controller@ for controller name and @action@ for action name. This is because they were submitted originally with the form and they will recycle as long as the validator finds errors. Nothing else will be added to it. This is good... until it validates. When it validates, results are sent directly to the action controller and not through the error controller. When the process goes back to the form, the object or arguments submitted will be added to the form and returned to the user. Remember it validated. When you then send a wrong value, it goes to the error controller, old values (that validated) are unserialized and forwarded to your action. And that's how you end up with old values in your action.

 Assumption: 
 Form post values processing seems to be built under the presumption that once a form validates, you won't need it again. This needs correcting.
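
The flow described in this report, as an added example that is not part of the original report and is not TYPO3 code: a simplified model in which the rendered form carries serialized referrer arguments and a failed validation replays them into the action. The class @FormFlowModel@, its methods, the controller/action names and the sample inputs are hypothetical, and the model leaves out everything Extbase does around the referrer data.

```php
<?php
declare(strict_types=1);

// Simplified model of the reported flow. Hypothetical names, not Extbase code.
final class FormFlowModel
{
    /** Serialized request arguments embedded in the rendered form (stand-in for __referrer). */
    public string $referrerArguments;

    public function __construct()
    {
        // First render: only controller and action are known.
        $this->referrerArguments = serialize(['controller' => 'Demo', 'action' => 'show']);
    }

    /** Validator from step 2: the string must be longer than 3 characters. */
    private function isValid(string $input): bool
    {
        return strlen($input) > 3;
    }

    /** Handles one submit and reports which value the action ends up receiving. */
    public function submit(string $input): array
    {
        if ($this->isValid($input)) {
            $arguments = ['controller' => 'Demo', 'action' => 'show', 'dto' => ['input' => $input]];
            // Rendering the response embeds the validated arguments in the form.
            $this->referrerArguments = serialize($arguments);
            return ['path' => 'action', 'actionInput' => $input, 'submitted' => $input];
        }
        // Validation failed: the error path forwards to the referring request,
        // taking arguments from the referrer data rather than from this submit.
        $replayed = unserialize($this->referrerArguments, ['allowed_classes' => false]);
        return [
            'path' => 'error-forward',
            'actionInput' => $replayed['dto']['input'] ?? null, // stale value, if any
            'submitted' => $input,
        ];
    }
}

$flow = new FormFlowModel();
foreach (['ab', 'valid-text', 'ab'] as $input) { // constructed inputs: invalid, valid, invalid
    $r = $flow->submit($input);
    printf("submitted=%-10s path=%-13s action received=%s\n",
        $r['submitted'], $r['path'], var_export($r['actionInput'], true));
}
```

The first and third submits send the same invalid string; only the third reaches the action with a value, because the valid submit in between changed what the form carries back.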