Closed (duplicate)
Project:
Drupal core
Version:
5.0-beta1
Component:
node.module
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
11 Nov 2006 at 04:52 UTC
Updated:
8 Apr 2011 at 12:21 UTC
I just noticed this problem with the node_type form, but it's probably happening elsewhere that all form values are saves from settings pages, user edit page, etc.
to reproduce this particular manifestation of the more general bug- look in your database at the variables table. Add a new content type "foo". You'll see that variables now saved to the variable table with the name "form_token_foo" and 'op_foo'. Obviously this relates to new form values in the recent security update as well as the 5.x change of putting 'op' in the $form_values.
This occurs because of this code (note code truncated for clarity):
function node_type_form_submit($form_id, $form_values) {
...
// Remove everything that's been saved already - whatever's left is assumed
// to be a persistent variable.
foreach ($form_values as $key => $value) {
if (isset($type->$key)) {
unset($form_values[$key]);
}
}
unset($form_values['type_display'], $form_values['old_type'], $form_values['orig_type'], $form_values['submit'], $form_values['delete'], $form_values['reset'], $form_values['form_id']);
// Save or reset persistent variable values.
foreach ($form_values as $key => $value) {
$key .= '_'. $type->type;
if ($op == t('Reset to defaults')) {
variable_del($key);
}
else {
if (is_array($value)) {
$value = array_keys(array_filter($value));
}
variable_set($key, $value);
patch attached that fixes this particular function- a broader fix should be considered
This is similar to the problem with the user edit form outlined here: http://drupal.org/node/79804
IMHO, the real problem is that these core modules need to be updated to fully use the Forms API so that all modules adding form elements add their own _submit function for the form. Assuming that it's the responsibility of node_type_form_submit or any other form's submit function to save any/all unknown form values into the database strikes me as NOT ROBUST: http://lists.drupal.org/pipermail/development/2006-October/020342.html
| Comment | File | Size | Author |
|---|---|---|---|
| unset_content_types_fv_diff_0.txt | 955 bytes | pwolanin |
Comments
Comment #1
pwolanin commentedswitching component to node module, since that's what the patch is for.
Comment #2
profix898 commented+1 one on not saving form_tokens etc. to the 'variable' table.
I just found this issue, but there is another (related) issue regarding $form_values of the node_type_form, see http://drupal.org/node/88633
I really hope we can fix both before RC1.
Comment #3
pwolanin commentedduplicate with: http://drupal.org/node/88633