Bug #36950
closed
new form content element: input of OPTIONS >> ATTRIBUTES PROPERTIES >> NAME for a specific form element should be validated
0%
Description
an editor is able to fill in special characters into OPTIONS >> ATTRIBUTES PROPERTIES >> NAME for a specific form element in the "new" form content element (introduced with TYPO3 4.6) via form wizard.
if you insert special characters like : or / the form will not work: error message will be shown in the frontend after submitting the form and no email will be sent.
a validation of the OPTIONS >> ATTRIBUTES PROPERTIES >> NAME field would solve the problem.
Updated by Mathias Schreiber almost 10 years ago
- Target version changed from 6.0.0 to 7.2 (Frontend)
- Is Regression set to No
Updated by Stefan Neufeind almost 10 years ago
Also having things like a comma in the label is not that uncommon but causes problems.
Updated by Benni Mack over 9 years ago
- Target version changed from 7.2 (Frontend) to 7.4 (Backend)
Updated by Björn Jacob over 9 years ago
- Category changed from Form Framework to 1602
Updated by Björn Jacob over 9 years ago
- Category changed from 1602 to Form Framework
Updated by Susanne Moog over 9 years ago
- Target version changed from 7.4 (Backend) to 7.5
Updated by Gerrit Code Review over 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42779
Updated by Ralf Zimmermann over 9 years ago
A element name property definded by Typoscript may have different name in the frontend. After submitting the form, the names from
Typoscript and the POTS request can not be mapped.
My solution is to standardize element name properties on both sides. At runtime when the objects are created and named
and use the same name for the rendering.
This solution concerns currently only program execution and not the backend wizard.
More details:
Form rendering:
\TYPO3\CMS\Form\Domain\Factory\TypoScriptFactory->reconstituteElement
This function creates the Elements and set the "name" property of the php objects by Typoscript property "name".
Later the attributes for the element are created.
The value of the "name" attribute are also the "name" property defined by Typoscript.
\TYPO3\CMS\Form\Domain\Model\Attribute\NameAttribute->getValue
This function return a unified value of the "name" attribute. This unified string is used for the html "name" property.
This means spaces are replaced by hypens and non-word characters are removed.
A Typoscript like this
10 = TEXTLINE
10 {
name = test 1 : /
label {
value = xxx
}
}
results in a html element like this
<input id="field-2" type="text" value="xxx" name="tx_form[test-1--]">
After submitting the form the confirmation page or the Mail is rendered:
\TYPO3\CMS\Form\Domain\Factory\TypoScriptFactory->reconstituteElement
This function creates the Elements and set the "name" property of the php objects by Typoscript property "name".
Later "forms" try to map the Typoscript property "name" to the incomming POST data with the function "checkFilterAndSetIncomingDataFromRequest".
This mapping fails because name by typoscript is "test 1 : /" and the name in the POST request is "test-1--".
This results later in a PHP error.
Updated by Björn Jacob about 9 years ago
Here's a snippet which helps to reproduce the problem:
enctype = multipart/form-data method = post prefix = tx_form confirmation = 1 postProcessor { 1 = mail 1 { recipientEmail = your@email.com senderEmail = your@email.com } } 10 = TEXTLINE 10 { name = test 0 : / label { value = Edit this label } } 20 = SELECT 20 { name = test 1 : / label { value = Edit this label } 10 = OPTION 10 { data = Option 1 test 1 : / value = test 2 : / } 20 = OPTION 20 { data = Option 2 test 1 : / value = test 3 : / } 30 = OPTION 30 { data = Option 3 test 1 : / value = test 4 : / } } 30 = SUBMIT 30 { name = test 6 : / value = submit }
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42779
Updated by Gerrit Code Review about 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42779
Updated by Gerrit Code Review about 9 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42779
Updated by Benni Mack about 9 years ago
- Status changed from Under Review to Closed
this is fixed in v7.