Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-13855

Submit fields lenght isn't ever checked

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 1.9
    • Fix Version/s: None
    • Component/s: Forms Library
    • Labels:
      None
    • Database:
      Oracle
    • Affected Branches:
      MOODLE_19_STABLE

      Description

      It seems that a lot of forms, have some input text fields whole maxsize isn't specified (for example, all module names, or resource->reference...), so it's possible to introduce values over the DB size of the field.

      Some DBs automatically use to truncate the data, allowing to insert it (incorrect behaviour IMO). And others directly drop an error.

      IMO we should (to do so in a proper way):

      1) Think how we can add something like "format-masks" in formslib. It should be able to specify things like: max length, number of digits and decimals (for numbers).
      2) The form constructor must understand this formats and apply the corresponding "maxsize" and client validations.
      3) The form checked must apply those formats and show error if something isn't fulfilled.

      Also, we can make a quicker fix that consists, basically, on examine as many forms as possible, applying the "maxsize" property to match the DB max length.

      This second approach is imperfect (nothing is validated at server level) but for sure, it's better that allowing an unlimited number of chars to arrive straight to DB.

      Perhpas we could apply the imperfect approach to 19_STABLE and plan the proper one, needs further discussion and important changes, for 2.0.

      Any comment is welcome. Ciao

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  1 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: