Closed (fixed)
Project:
Drupal core
Version:
x.y.z
Component:
forms system
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
16 Sep 2006 at 20:17 UTC
Updated:
16 Oct 2006 at 11:46 UTC
Jump to comment: Most recent file
When multistep was first written, we had an unset($_POST['edit']) and that stopped running validate and submit on the new form. As this should not happen, we now explicitely tell drupal_process_form that this is a multistep form and how to act on it.
This is critical because at certain circumstances this can cause submit to be called without validating. Thanks to neclimdul for catching this.
| Comment | File | Size | Author |
|---|---|---|---|
| #6 | multistep_2.patch | 382 bytes | chx |
| #3 | multistep_1.patch | 2.08 KB | chx |
| multistep_0.patch | 1.65 KB | chx |
Comments
Comment #1
neclimdulThanks, this fixes my problem.
Comment #2
neclimdulThis does exatly as it says and fixes the problem. Looks good so RTBC.
Comment #3
chx commentedOn Steven's advice, the variable is renamed better doxygen is used and I found out some defines, too. Functionality is the same, just it's easier to understand.
Comment #4
AjK commentedApplied and tested, looks good. I'd mark critical and RTBC but it already is.
Comment #5
dries commentedCode looks screwy (line-breaks). Looks a bit hack-ish to me.
Comment #6
chx commentedDries, In your wisdom we are humbled -- this was a hack indeed. Let's see this version.
Comment #7
webchickadding to my review queue.
Comment #8
eaton commentedQuite the simple fix -- and it seems to work well on my 5.0 test site. I've run it htrough several multistep and single-step forms and all works as expected. Further testing to follow..
Comment #9
eaton commentedThat includes *commenting on a poll* btw, the case the most obviously broke theform handling code. I'm RTBC'ing this.
Comment #10
drummI think this is a good idea, but am having trouble understanding it.
What exact problem is reproducible? The original post only mentions "certain circumstances." The last update mentions "commenting on a poll," but I couldn't find any issues with this. Do I need to change my commenting options?
The original post says "can cause submit to be called without validating," but the actual patch seems to remove a validation step.
Comment #11
eaton commenteddrumm,
My comment about comments was a bit of a red herring; it was instead a reference to some behaviour that we were trying to avoid (problems with multiple forms on a page simultaneously...) Sorry for the confusion.
Here's a quick overview of the problem:
1) I create a multistep form, and pop it open in my browser. I fill out all the fields and click SUBMIT.
2) drupal_get_form() reconstructs the first step of the form and calls drupal_process_form(), validating and submitting the data.
3) drupal_get_form() now builds the second step of the form -- and calls drupal_process_form() again. Because both steps share a form_id, the validation code thinks that this step has already been validated. It skips validation, and hops directly to the submit function. Whoops.
In reality, we should never be doing the validate/submit cycle for that second display-only form case. Thus, we can replace drupal_process_form() with drupal_prepare_form() in that portion of drupal_get_form(). That preps it for rendering, but does NOT validate or submit any of its fields.
Comment #12
chx commentedNote that it is not a solution to not skip validation the solution is not to run validation/submit at all
Comment #13
chx commentedMore, because my explanation does not say "why".There is excellent explanation at http://jeff.viapositiva.net/drupal/dynamic-forms
Comment #14
dries commentedCommitted to CVS HEAD. Thanks.
Comment #15
(not verified) commented