[drupal-devel] [bug] fix empty form elements
tostinni
drupal-devel at drupal.org
Wed Sep 7 22:30:48 UTC 2005
Issue status update for
http://drupal.org/node/18663
Post a follow up:
http://drupal.org/project/comments/add/18663
Project: Drupal
-Version: 4.6.0
+Version: 4.6.3
Component: base system
Category: bug reports
Priority: critical
Assigned to: chx
Reported by: killes at www.drop.org
Updated by: tostinni
-Status: active
+Status: patch (ready to be committed)
Attachment: http://drupal.org/files/issues/fix_form-4.6.3.patch (3.54 KB)
"It's strange that this problem still appears in drupal 4.6.3 (August
15, 2005); 4.6 CVS, and CVS Head and has been marked fixed on May 21,
2005. The last patch (fix_form_3.patch from comment 20) still applies
with little fuzziness and fixes the problem.
"
The problem has been fixed in HEAD as Dries said in #21 HEAD refer to
the future 4.7 version.
Here is the updated patch that apply to 4.6.3
tostinni
Previous comments:
------------------------------------------------------------------------
Thu, 10 Mar 2005 01:51:56 +0000 : killes at www.drop.org
If you select nothing from a set of checkboxes an empty string is save
to the variables table. This is a problem if the calling code assumes,
it would get an array.
We should make it save an empty array. The problem is the form_hidden
field that we add. even if we replace form_hidden($name, 0) by
form_hidden($name, array()) it isn't going to work, because the empty
array is eaten by htmlspecialchars.
redLED found this bug and he does not like it:
02:53 < redLED> i just like things saying 'CRITICAL' in red
02:53 < redLED> it gives this warm impending doom feeling
02:53 < redLED> and is generally associated with nuclear reactors in
people's subconsciousness
Suggestions welcome.
------------------------------------------------------------------------
Sat, 12 Mar 2005 18:47:42 +0000 : Steven
There is no way to fix it in form_checkboxes() itself afaik, because
even without htmlspecialchars, it would still come out as "Array". You
can only create arrays indirectly through form submissions, by naming
your values "foo[]". But you can not create empty arrays this way.
So it is really up to the module which uses form_checkboxes() to handle
this. A simple is_array() should do the trick.
------------------------------------------------------------------------
Mon, 28 Mar 2005 16:27:03 +0000 : chx
Attachment: http://drupal.org/files/issues/checkboxes.patch (1.71 KB)
system_settings_save can not really cope with this situation. This makes
a problem with empty node options. And the fact that we have a check
everywhere we use form_checkboxes is error prone, too. Here is a patch.
If this accepted I'll comb the core for dead code. For eg. the first
three lines of taxonomy_save_vocabulary and so.
------------------------------------------------------------------------
Mon, 28 Mar 2005 16:32:16 +0000 : chx
Attachment: http://drupal.org/files/issues/checkboxes_0.patch (1.71 KB)
Oh NO! One strayed space! I fixed it before steven beheads me....
------------------------------------------------------------------------
Mon, 28 Mar 2005 17:36:01 +0000 : chx
Attachment: http://drupal.org/files/issues/checkboxes_1.patch (1.64 KB)
Among other changes, I have moved the hidden field form_checkboxes[] out
of $edit. I have included HTML code, yes, but this is a very special
thing, so it does not merit changing form_input just 'cos of this. And
you won't need to theme a hidden field...
------------------------------------------------------------------------
Fri, 08 Apr 2005 07:19:28 +0000 : chx
Attachment: http://drupal.org/files/issues/form_checkboxes_2.patch (1.9 KB)
killes did not like the previous version.
------------------------------------------------------------------------
Mon, 11 Apr 2005 23:15:05 +0000 : chx
Dries?
------------------------------------------------------------------------
Tue, 12 Apr 2005 19:15:52 +0000 : chx
Attachment: http://drupal.org/files/issues/form_checkboxes_3.patch (1.64 KB)
------------------------------------------------------------------------
Tue, 12 Apr 2005 19:39:00 +0000 : jhriggs
I have to agree with Steven that it is up to the calling code...and I
hardly think this is critical. Code that is expecting an array from
form_checkboxes() should ensure that it is dealing with an array (i.e.
is_array()). As for dealing with variables set through things like
system_settings_save(), the same thing applies. The code that is
retrieving the variable should ensure that it is working with an array.
With regards to your patch, what's the difference if the calling code
has to remember to check via is_array() or remember to call
fix_checkboxes()? This method is no less error prone as it's just as
easy to forget this call as it is to check for an array. That is
unless you are suggesting that fix_checkboxes() gets called for every
page load which seems rather crufty.
I wrote the original patch to add form_checkboxes() -- which didn't
exist -- and if I remember, this was the desired behavior if nothing
was selected. Isn't this the same behavior one would see using a
multiple form_select() if the user chooses nothing? They should behave
the same. A single select widget is the same as a radio group, and a
multiple select widget is the same as a group of checkboxes. They
should behave the same; the select types just take up less realestate.
------------------------------------------------------------------------
Tue, 12 Apr 2005 21:23:06 +0000 : chx
Attachment: http://drupal.org/files/issues/form_checkboxes_4.patch (2.06 KB)
Previous patch had index.php missing.
jhriggs, the current problem is that a form_checkboxes expected to be
an array. Currently, empty form_checkboxes is a string. That's bad.
------------------------------------------------------------------------
Tue, 12 Apr 2005 22:51:25 +0000 : jhriggs
-1 on this patch.
I still don't understand the problem. What do you mean by
"form_checkboxes expected to be an array"? Is there code in core that
assumes it is an array but it is not checked with is_array()? If so,
let's add the missing checks. The same goes for contrib. This seems
like swatting a fly with a sledge hammer to me.
If we do go ahead and make this change, however, then we will need to
change form_select() also (when multiple = TRUE). Radios and single
select should be consistent, as should checkboxes and multiple select.
------------------------------------------------------------------------
Sat, 23 Apr 2005 11:35:30 +0000 : chx
Attachment: http://drupal.org/files/issues/fix_form.patch (4.71 KB)
See Gordon's complaint
http://lists.drupal.org/archives/drupal-devel/2005-04/msg00934.html
------------------------------------------------------------------------
Sat, 23 Apr 2005 11:38:07 +0000 : chx
Forgot to change the title.
------------------------------------------------------------------------
Sat, 23 Apr 2005 11:46:46 +0000 : chx
It seems that it's not obvious why this is necessary. The calling code
can not always handle itself the situation if the save is done by
system_save_settings. The edge case is: I set up something, so
variable_get no longer falls to its default value, later I decide to
empty it. If we do not do something like this patch,
system_save_settings can not know there is something to be set to
0/array() because it is just not in $_POST.
------------------------------------------------------------------------
Sat, 23 Apr 2005 13:23:37 +0000 : chx
Attachment: http://drupal.org/files/issues/fix_form_0.patch (4.72 KB)
Small bugfix.
------------------------------------------------------------------------
Sat, 23 Apr 2005 14:53:05 +0000 : chx
doh. still has serious problems when the name is an array. stay tuned.
------------------------------------------------------------------------
Sun, 24 Apr 2005 09:13:00 +0000 : chx
Attachment: http://drupal.org/files/issues/fix_form_1.patch (4.97 KB)
Recursive version.
------------------------------------------------------------------------
Sun, 24 Apr 2005 12:51:18 +0000 : Dries
Patch looks good but I would add some phpdoc to document what and why we
are doing this.
------------------------------------------------------------------------
Sat, 21 May 2005 16:43:47 +0000 : chx
Attachment: http://drupal.org/files/issues/fix_form_2.patch (3.23 KB)
People told me that form_radios does not need this because we can
reasonably expect that a radio is checked, that's different between a
bunch of checkboxes and a bunch of radios.
form_select submits an empty array (as also told by some).
So we are back to checkbox and checkboxes which need the fix.
------------------------------------------------------------------------
Sat, 21 May 2005 16:55:24 +0000 : chx
Attachment: http://drupal.org/files/issues/fix_form_3.patch (3.24 KB)
------------------------------------------------------------------------
Sat, 21 May 2005 18:34:20 +0000 : Dries
Committed to HEAD. Thanks.
------------------------------------------------------------------------
Mon, 23 May 2005 00:09:30 +0000 : TDobes
Why do we now have both a _fix_checkboxes() and fix_checkboxes()
function? Shouldn't we name these something a little more intuitive?
Without poking through the code, I have no idea what _fix_checkboxes is
for and why it's different than fix_checkboxes. It really deserves
some phpdoc too. Any sort of more-pleasant variable naming in
_fix_checkboxes() would be much appreciated as well... It's easy to get
lost in that array1/array2/single letter variable business pretty fast.
Sorry for nit-picking, but most of the Drupal core code is far more
readable than this.
------------------------------------------------------------------------
Tue, 06 Sep 2005 03:00:14 +0000 : mr700
It's strange that this problem still appears in drupal 4.6.3 (August 15,
2005); 4.6 CVS, and CVS Head and has been marked fixed on May 21, 2005.
The last patch (fix_form_3.patch from comment 20 [1]) still applies
with little fuzziness and fixes the problem.
[1] http://drupal.org/node/18663#comment-30411
More information about the drupal-devel
mailing list