Moodle / MDL-13855

Submit fields length isn't ever checked

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.9
    • Fix Version/s: None
    • Component/s: Forms Library
    • Labels:
      None
    • Database:
      Oracle
    • Affected Branches:
      MOODLE_19_STABLE
    • Rank:
      996

      Description

      It seems that a lot of forms have some input text fields whose maxsize isn't specified (for example, all module names, or resource->reference...), so it's possible to introduce values over the DB size of the field.

      Some DBs automatically truncate the data, allowing it to be inserted (incorrect behaviour IMO). Others directly throw an error.

      IMO we should (to do so in a proper way):

      1) Think how we can add something like "format-masks" in formslib. It should be able to specify things like: max length, number of digits and decimals (for numbers).
      2) The form constructor must understand these formats and apply the corresponding "maxsize" and client validations.
      3) The form checker must apply those formats and show an error if something isn't fulfilled.

      Also, we can make a quicker fix that consists, basically, of examining as many forms as possible and applying the "maxsize" property to match the DB max length.

      This second approach is imperfect (nothing is validated at server level) but, for sure, it's better than allowing an unlimited number of chars to arrive straight to the DB.

      Perhaps we could apply the imperfect approach to 19_STABLE and plan the proper one, which needs further discussion and important changes, for 2.0.

      Any comment is welcome. Ciao
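
      The three-step proposal above, sketched as stand-alone PHP. This is an added example, not code from the issue or from Moodle's formslib: the FORMAT_MASKS table, its limits and both function names are hypothetical, and it assumes the mbstring extension and column sizes declared in characters.

```php
<?php
// Hypothetical format masks (step 1). Limits are constructed sample values,
// not Moodle's real column sizes; 'digits' is total precision, as in NUMBER(5,2).
const FORMAT_MASKS = [
    'name'      => ['type' => 'text',   'maxlength' => 255],
    'reference' => ['type' => 'text',   'maxlength' => 255],
    'grade'     => ['type' => 'number', 'digits' => 5, 'decimals' => 2],
];

// Step 2: the form constructor derives the client-side limit from the mask.
function render_input(string $field): string {
    $mask = FORMAT_MASKS[$field];
    // Numbers need room for every digit plus a sign and a decimal point.
    $max = $mask['type'] === 'text' ? $mask['maxlength'] : $mask['digits'] + 2;
    return sprintf('<input type="text" name="%s" maxlength="%d">',
        htmlspecialchars($field, ENT_QUOTES), $max);
}

// Step 3: the server-side check enforces the same masks, because a client can
// ignore maxlength and post anything.
function validate_submission(array $data): array {
    $errors = [];
    foreach (FORMAT_MASKS as $field => $mask) {
        $value = (string)($data[$field] ?? '');
        if ($value === '') {
            continue; // required-ness is a separate rule, out of scope here
        }
        if ($mask['type'] === 'text') {
            // Count characters, not bytes (assumes character-sized columns).
            if (mb_strlen($value, 'UTF-8') > $mask['maxlength']) {
                $errors[$field] = "Maximum of {$mask['maxlength']} characters";
            }
            continue;
        }
        $int = $mask['digits'] - $mask['decimals'];
        $re = sprintf('/^-?\d{1,%d}(\.\d{1,%d})?$/D', $int, $mask['decimals']);
        if (!preg_match($re, $value)) {
            $errors[$field] = "At most $int integer digits and {$mask['decimals']} decimals";
        }
    }
    return $errors;
}

// Constructed submission: over-long name, valid reference, grade with too many digits.
$post = ['name' => str_repeat('a', 300), 'reference' => 'file.pdf', 'grade' => '1234.5'];
echo render_input('name'), PHP_EOL;
print_r(validate_submission($post));
```

      Driving both the rendered `maxlength` and the server-side check from one table keeps the two limits from drifting apart, which is the gap the quicker "maxsize"-only fix leaves open.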


          Activity

          Eloy Lafuente (stronk7) added a comment -

          Adding some people here to let them know.

          Michael de Raadt added a comment -

          Thanks for reporting this issue.

          We have detected that this issue has been inactive for over a year and has been recorded as affecting versions that are no longer supported.

          If you believe that this issue is still relevant to current versions (2.3 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

          Michael d;

          4d6f6f646c6521

          Michael de Raadt added a comment -

          I'm closing this issue as it has been inactive for over a year and has been recorded as affecting versions that are no longer supported.

          If you still believe this is an issue in supported versions, please report a new issue.


            People

            • Votes: 1
            • Watchers: 5
