When options are validated, like a set of required radio buttons, an error will be logged when the user submits the form with no radio button selected.

The user gets to see the proper validation message, like "[element title] is required.", which is good.

But at the same time a watchdog error is logged: "Illegal choice [emptry string] in [element title] element.".

For the end user there is no issue here.

For the site administrator, in most cases, this just means extra noise in the watchdog list.

In some cases it can become a real problem though. If you are using a module that emails all errors, like http://drupal.org/project/logging_alerts, for example.

The fix is very easy, when checking for invalid options, first make sure the actual value is not empty. See attached patch.

Also, as a side note, the two watchdog error reports for Illegal Choices are preceded by form_error, where the user is instructed to contact the site administrator. This message never gets shown to the end user for some reason, I could not figure why. Is this because a form_error was already logged against this element?

CommentFileSizeAuthor
#8 drupal-better-error-reporting-and-logging-335179-8.patch1.93 KBmrfelton
#8 drupal-better-error-reporting-and-logging-335179-8-D7-do-not-test.patch1.91 KBmrfelton
#6 unnecessary error reported for options validations | drupal.org_.png40.09 KBclemens.tolboom
options_validation_error.patch715 bytesmariuss

Comments

lilou’s picture

lilou commented
Status: Active » Needs review

Make sense.

dave reid’s picture

dave reid
he/him
Primary language English
Location Nebraska USA
commented

I can see the benefit for having that error message. You should rarely see it, and in the case that it happens, it either means something is going wrong or someone is trying to hack the forms on your site. In both of those cases, I'd want to know.

I can undestand cleaning this message up a little bit, but let's not remove it.

mariuss’s picture

mariuss commented

Sorry, but I cannot see any benefit for this error message.

No hacking or anything wrong must happen in order to get this condition.

clemens.tolboom’s picture

clemens.tolboom
Primary language Dutch
Location Groningen, 🇳🇱/🇪🇺
commented
Version: 6.6 » 6.22

This issue is active on drupal.org too.

When changing this very issue project to ie Drupal Webmaster then press tab the error is produced.

  1. Click on Project: field
  2. delete core
  3. select 'Drupal.org webmasters'
  4. press enter
  5. Click on Project: field
  6. press tab
  7. Presto

I bumped this up to latest D6 assuming d.o is using that version too.

The patch looks useful but needs work as form.inc has too places this message occurs and filter module has a similar message.

includes/form.inc:              form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
includes/form.inc:          form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
modules/filter/filter.module:  form_error($form, t('An illegal choice has been detected. Please contact the site administrator.'));

Status: Needs review » Needs work

The last submitted patch, options_validation_error.patch, failed testing.

clemens.tolboom’s picture

clemens.tolboom
Primary language Dutch
Location Groningen, 🇳🇱/🇪🇺
commented
StatusFileSize
new unnecessary error reported for options validations | drupal.org_.png40.09 KB

unnecessary error reported for options validations

Steps to reproduce

Running this jQuery with ie firebug

$('#edit-title').focus()
$('#edit-project-info-project-title').val('Drupal core')
$('#edit-project-info-project-title').blur()

$('#edit-project-info-project-title').val('Drupal.org webmasters')
$('#edit-title').focus()
$('#edit-project-info-project-title').blur()

[ Powered by #1115636: Issue Macros and Templates - _default]

Please fix the reported issues. Don't forget to set status to needs review when submitting a new patch.

mrfelton’s picture

mrfelton commented
Version: 6.22 » 8.x-dev

Actually, this error message in the watchdog has been indispensable for us when working with the services module. Services 3.x uses the FAPI for processing of api calls. In this case, the forms are being used by the web service but are never presented to the end user. As it is now, the return from the services calls include any errors as returned by form_get_errors(). These errors are generic, and do not inclue the field name. This makes debugging issues very difficult, as the only way to find out which field was the offending field is to look in the watchdog. But people working with the API do not have access to the Drupal watchdog...

So, I would suggest that

1) The message that we present to the the user includes the name of the offending field. We do this in the case of required fields, which should invalid field data be any different?

2) We keep the watchdog log message, which I think is still useful. In my use case, as maintainers of the Drupal site we need to be able to support our API users, and so having form errors logged is useful.

This is an issue for all versions of Drupal, so should be addressed in D8 first.

mrfelton’s picture

mrfelton commented
Status: Needs work » Needs review
StatusFileSize
new drupal-better-error-reporting-and-logging-335179-8-D7-do-not-test.patch1.91 KB
new drupal-better-error-reporting-and-logging-335179-8.patch1.93 KB

To me, this is more useful. Includes the fix from the original patch, but also fixes up the error message so that it's more useful when reported on the form.

Status: Needs review » Needs work

The last submitted patch, drupal-better-error-reporting-and-logging-335179-8.patch, failed testing.

Version: 8.0.x-dev » 8.1.x-dev

Drupal 8.0.6 was released on April 6 and is the final bugfix release for the Drupal 8.0.x series. Drupal 8.0.x will not receive any further development aside from security fixes. Drupal 8.1.0-rc1 is now available and sites should prepare to update to 8.1.0.

Bug reports should be targeted against the 8.1.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.2.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.1.x-dev » 8.2.x-dev

Drupal 8.1.9 was released on September 7 and is the final bugfix release for the Drupal 8.1.x series. Drupal 8.1.x will not receive any further development aside from security fixes. Drupal 8.2.0-rc1 is now available and sites should prepare to upgrade to 8.2.0.

Bug reports should be targeted against the 8.2.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.3.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.2.x-dev » 8.3.x-dev

Drupal 8.2.6 was released on February 1, 2017 and is the final full bugfix release for the Drupal 8.2.x series. Drupal 8.2.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.3.0 on April 5, 2017. (Drupal 8.3.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.3.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.4.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.3.x-dev » 8.4.x-dev

Drupal 8.3.6 was released on August 2, 2017 and is the final full bugfix release for the Drupal 8.3.x series. Drupal 8.3.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.4.0 on October 4, 2017. (Drupal 8.4.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.4.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.5.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.4.x-dev » 8.5.x-dev

Drupal 8.4.4 was released on January 3, 2018 and is the final full bugfix release for the Drupal 8.4.x series. Drupal 8.4.x will not receive any further development aside from critical and security fixes. Sites should prepare to update to 8.5.0 on March 7, 2018. (Drupal 8.5.0-alpha1 is available for testing.)

Bug reports should be targeted against the 8.5.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.6.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

Version: 8.5.x-dev » 8.6.x-dev

Drupal 8.5.6 was released on August 1, 2018 and is the final bugfix release for the Drupal 8.5.x series. Drupal 8.5.x will not receive any further development aside from security fixes. Sites should prepare to update to 8.6.0 on September 5, 2018. (Drupal 8.6.0-rc1 is available for testing.)

Bug reports should be targeted against the 8.6.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.7.x-dev branch. For more information see the Drupal 8 minor version schedule and the Allowed changes during the Drupal 8 release cycle.

mbovan’s picture

mbovan commented
Issue summary: View changes

We noticed this issue as our logs were getting quite a lot of error messages where we could not do anything about. We had use cases triggered by bots/scripts with all sort of input strings/SQL queries (useful) as well as just normal users who were trying to access views with exposed filter options that are not present anymore (not useful).

#8 makes a step forward as it doesn't trigger error messages if there is no value.

However, if there would be a configuration option for an administrator to decide whether they want more/less noise about this particular situation that would be much helpful.

Version: 8.6.x-dev » 8.8.x-dev

Drupal 8.6.x will not receive any further development aside from security fixes. Bug reports should be targeted against the 8.8.x-dev branch from now on, and new development or disruptive changes should be targeted against the 8.9.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

Version: 8.8.x-dev » 8.9.x-dev

Drupal 8.8.7 was released on June 3, 2020 and is the final full bugfix release for the Drupal 8.8.x series. Drupal 8.8.x will not receive any further development aside from security fixes. Sites should prepare to update to Drupal 8.9.0 or Drupal 9.0.0 for ongoing support.

Bug reports should be targeted against the 8.9.x-dev branch from now on, and new development or disruptive changes should be targeted against the 9.1.x-dev branch. For more information see the Drupal 8 and 9 minor version schedule and the Allowed changes during the Drupal 8 and 9 release cycles.

quietone’s picture

quietone commented
Version: 8.9.x-dev » 9.3.x-dev
Status: Needs work » Closed (cannot reproduce)
Issue tags: +Bug Smash Initiative

Following the steps to reproduce from the IS I tested this on Drupal 7.80-dev, Drupal 8.9 and Drupal 9.3.x and was not able to reproduce the problem.

Therefore, closing as cannot reproduce. If you are experiencing this problem reopen the issue, by setting the status to 'Active', and provide complete steps to reproduce the issue (starting from "Install Drupal core").

Thanks!

clemens.tolboom’s picture

clemens.tolboom
Primary language Dutch
Location Groningen, 🇳🇱/🇪🇺
commented

Thanks for closing