  1. CiviCRM
  2. CRM-18253

Missing sanity checks on user-entered data

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: 4.6, 4.7
    • Fix Version/s: None
    • Component/s: Core CiviCRM
    • Labels:
    • Documentation Required?:
      None
    • Funding Source:
      Needs Funding

      Description

      A lot of times there are fatal errors in CiviCRM because the type or length of input fields is not checked before making a database call.

      Since the database schema is fully defined in XML files, it seems like it would be trivial to either:

      • add another argument to the CRM_Core_Form::addElement/addSelect functions that references the database field that is entered in this control, and then automagically adds a validation rule based on the metadata for this field.
      • or add a formRule helper that would accept an array of form controls => field and automagically compute and add form validation rules as required per XML schema.

      So for example we would not have this kind of FATAL error:

        UPDATE civicrm_address SET contact_id = 57142 , location_type_id = 5 , is_primary = 1 , is_billing = 1 , street_address = 'Rua Antônio Lustosa Cabral' , city = 'joao pessoa' , state_province_id = NULL , postal_code = '58045020 ?? ??' , country_id = 1228 , geo_code_1 = -7.1202915 , geo_code_2 = -34.8284786 , manual_geo_code = 0 WHERE ( civicrm_address.id = 52801 ) [nativecode=1406 ** Data too long for column 'postal_code' at row 1]

      Every fatal error that an end-user encounters is frustrating and contributes to giving CiviCRM and open source in general a bad reputation.
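
      A sketch of the second option in the description (a rule helper driven by the XML schema), added here as an illustration; it is not code from the reporter or from CiviCRM. The schema fragment, its length of 12, and the function names `schemaFieldMeta` and `validateAgainstSchema` are assumptions made for this example, and `mb_strlen` requires PHP's mbstring extension.

```php
<?php
// Constructed schema fragment in the style of an XML table definition;
// element names and the length of 12 are assumptions for this example.
const SAMPLE_SCHEMA = <<<XML
<table>
  <name>civicrm_address</name>
  <field><name>postal_code</name><type>varchar</type><length>12</length></field>
  <field><name>city</name><type>varchar</type><length>64</length></field>
  <field><name>country_id</name><type>int unsigned</type></field>
</table>
XML;

/** Hypothetical helper: column name => ['type' => string, 'length' => int|null]. */
function schemaFieldMeta(string $xml): array {
  $meta = [];
  foreach (simplexml_load_string($xml)->field as $field) {
    $meta[(string) $field->name] = [
      'type' => (string) $field->type,
      'length' => isset($field->length) ? (int) $field->length : NULL,
    ];
  }
  return $meta;
}

/** Hypothetical helper: returns [control => message] for values the column cannot hold. */
function validateAgainstSchema(array $values, array $controlToField, array $meta): array {
  $errors = [];
  foreach ($controlToField as $control => $column) {
    $value = $values[$control] ?? NULL;
    if ($value === NULL || $value === '' || !isset($meta[$column])) {
      continue; // empty input and unmapped columns are left to other rules
    }
    $spec = $meta[$column];
    if (strpos($spec['type'], 'int') === 0 && !preg_match('/^-?\d+$/', (string) $value)) {
      $errors[$control] = "$column must be an integer";
    }
    // Count characters, not bytes, so multi-byte input is measured correctly.
    elseif ($spec['length'] !== NULL && mb_strlen((string) $value, 'UTF-8') > $spec['length']) {
      $errors[$control] = "$column is limited to {$spec['length']} characters";
    }
  }
  return $errors;
}

// Constructed submission reusing the values visible in the failing UPDATE above.
$submitted = ['postal_code' => '58045020 ?? ??', 'city' => 'joao pessoa', 'country_id' => '1228'];
$map = ['postal_code' => 'postal_code', 'city' => 'city', 'country_id' => 'country_id'];
print_r(validateAgainstSchema($submitted, $map, schemaFieldMeta(SAMPLE_SCHEMA)));
```

      With the constructed length of 12, only `postal_code` is reported, so the form can show a field-level message instead of letting the UPDATE fail at the database.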

            People

            • Assignee:
              Unassigned
              Reporter:
              nganivet Nicolas Ganivet