I'm manipulating dynamicaly the content of a Combobox It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator' There is any protection to prevent content different from the original possible values to an <SELECT> ? Its hard to search for it, what keywords? :) Thanks Feijó
I'd check if the form is defined with #value instead of #default_value. I'm not sure if that would cause this problem, but that's what I'd check. Alessandro Feijó wrote:
I'm manipulating dynamicaly the content of a Combobox
It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator'
There is any protection to prevent content different from the original possible values to an <SELECT> ?
Its hard to search for it, what keywords? :)
Thanks
Feijó
I'm not using ether I set the #default_value to my select, no effect. same error. I try with #value, now the error is gone, but the returned value is always that I set in my $form (0) and not the selected one! baita abraço Feijó ----- Original Message ----- From: "Doug Green" <douggreen@douggreenconsulting.com> To: <development@drupal.org> Sent: Friday, December 28, 2007 11:15 AM Subject: Re: [development] form protection?
I'd check if the form is defined with #value instead of #default_value. I'm not sure if that would cause this problem, but that's what I'd check.
Alessandro Feijó wrote:
I'm manipulating dynamicaly the content of a Combobox
It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator'
There is any protection to prevent content different from the original possible values to an <SELECT> ?
Its hard to search for it, what keywords? :)
Thanks
Feijó
Alessandro Feijó a écrit :
I'm manipulating dynamicaly the content of a Combobox
It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator'
There is any protection to prevent content different from the original possible values to an <SELECT> ? Yes there is. You need to specify $form['your_select_element']['#dangerous_skip_check'] = TRUE; You probably then need to perform your own server-side validation on the posted value.
Note that this has been removed from D6, where the recommended way is now to use FAPIs #ahah properties.
Hi Ufuk, Thanks for you reply I found that error in my log Escolha ilegal 8 no elemento Field. Something like "iligal choice 8 in Field element" How can I change that behavior? Feijó ----- Original Message ----- From: ufuk bayburt To: development@drupal.org Sent: Friday, December 28, 2007 11:40 AM Subject: Re: [development] form protection? There is any protection to prevent content different from the original possible values to an <SELECT> ? yes and it gives "Illegal choice" error. check your error logs to see if that is the case.
On Fri, 28 Dec 2007 10:55:58 -0200, Alessandro Feijó wrote:
I'm manipulating dynamicaly the content of a Combobox It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator' There is any protection to prevent content different from the original possible values to an ? Yes there is. You need to specify $form['your_select_element']['#dangerous_skip_check'] = TRUE; You then need to perform your own server-side validation on the posted value, since this leaves your form open to invalid submissions. Note that this flag has been removed from D6, where the recommended way is now to use FAPIs #ahah properties.
I think that yched's advise is good. But listening to your application, you have something that only works when javascript is available, which is not a very good degrade. Things should work for people without javascript too. So, if the options are known to the php code, you might try setting them in the #options, then removing the ones that aren't valid by javascript -- rather than the other way around (which is what I think you're doing) which is putting no values i #options, and then adding the valid ones by javascript. If that's not possible, then yched's advise is definitely the way to go. yched.drupal@free.fr wrote:
On Fri, 28 Dec 2007 10:55:58 -0200, Alessandro Feijó wrote:
I'm manipulating dynamicaly the content of a Combobox It starts empty, I set the values with jQuery, and when I click Submit, an error say something like 'invalid content, contact your administrator' There is any protection to prevent content different from the original possible values to an ? Yes there is. You need to specify $form['your_select_element']['#dangerous_skip_check'] = TRUE; You then need to perform your own server-side validation on the posted value, since this leaves your form open to invalid submissions. Note that this flag has been removed from D6, where the recommended way is now to use FAPIs #ahah properties.
should work for people without javascript too. So, if the options are known to the php code, you might try setting them in the #options, then
I second this motion. #DANGEROUS_SKIP_CHECK has good reasons for being uppercase -- it should stand out of your code as a sore thumb and it should hurt like one. I grudgingly added it and was rather happy when it was removed. This is as good as any occasion as any other to remind you all that the primary reason for FAPI transformation is not expandability, themability or any other such goodness. Nope, the primary reason is security. It's the first guard. Yes it was not the first goal of it but then we realized it's very good as first line defense. If you knock off the options checker, you removed one of the guards in Drupal. Your validation handler better be good then to replace it.
participants (6)
-
Alessandro Feijó -
Doug Green -
Karoly Negyesi -
ufuk bayburt -
yched.drupal@free.fr -
Yves CHEDEMOIS