FAPI built-in validation functions are called after the form_id_validate() function [#63704]

At present validation functions are called in the wrong order. E.g. A password confirm field is checked in the module for password length. The password length check occurs before the check for them being the same, which is built-in.

Another nasty repercussion of this call ordering is when credit card details are validated. I'm currently building a reuseable FAPI type for credit card information. It will have built-in functions to validate the card number and expiry date. Credit card payments are transacted (with the payment gateway) during the validation step, so if they fail the form doesn't reach the submit state. With the current ordering, and the proper implementation using #validate on the credit card type, the payment transaction is executed before validation of the card number and expiry date.

A similar problem exists for date type validation.

I realise fixing this bug will require some pretty heavy testing. It is required though because the benefits of using built-in (and reuseable) validation are unavailable with the current implementation.

Having looked through form.inc to find a possible solution, it may be possible to utilize the $form_id parameter to _form_validate() to work out when run the validation after the children have been validated. The only problem I can see occurring is when there are forms within the children where $form_id is not null.

At this stage, i'd like to hear from others about their thoughts on the call ordering and from the FAPI developers on how hard it would be to do a fix.

--
Sammy Spets
Synerger Pty Ltd
http://www.synerger.com