Ticket #1401 (new defect)

Opened 16 months ago

Last modified 2 months ago

Sapphire doesn't call any validator functions on DataObjectDecorators

Reported by: mlanthaler Owned by: sminnee
Priority: medium Milestone: 2.4.0
Component: Sapphire Framework Version:
Severity: medium effort / impact Keywords:
Cc: Hours:

Description

If the forum module is installed there are new fields when editing a member like "Occupation", "Country", or "User rating".

There is also a new field "Confirm password" which should make sure that the entered password is the expected one and the user didn't make a typo. The problem now is that the validator in ForumRole isn't executed at all so it is possible to enter two different passwords and nevertheless the system will change the password without checking it!

The bug resides in sapphire itself because it doesn't call any validator function on DataObjectDecorators.

Also GSoC ticket #32 (Ensure uniqueness of IdentityURL in OpenIDAuthenticatedRole) depends on the fix of this bug (forum thread).

Look at this and this forum thread.

Change History

  Changed 16 months ago by elijahlofgren

The problem now is that the validator in ForumRole? isn't executed at all so it is possible to enter two different passwords and nevertheless the system will change the password without checking it!

I can confirm that this is a bug using http://svn.silverstripe.com/open/modules/forum/trunk r39005 and sapphire gsoc branch r39561: Entering two different passwords or even no password at all while editing forum members via /admin/security/index/2 does not result in any errors (like it should).

This bug does not occur on the frontend, but I found and filed a usability problem: [url=http://open.silverstripe.com/ticket/1402]Ticket #1402 "Both passwords need to match. Please try again." warning is displayed inconsistently on forum register and edit pages/url

follow-up: ↓ 3   Changed 15 months ago by mlanthaler

I fixed that in the GSoC branch r40925 (also for the forum module GSoC branch r40926)

in reply to: ↑ 2   Changed 15 months ago by mlanthaler

I fixed that in the GSoC branch r40925 (also for the forum module GSoC branch r40926)

It's not the best (scalable) solution but it works for the moment and Hayden said that I should not change the core's validation behavior at the moment.

  Changed 13 months ago by sminnee

  • harvest_task set to (Unknown)
  • invoice_sent set to 0
  • milestone set to 2.2.1

  Changed 11 months ago by sminnee

  • priority changed from critical to medium
  • milestone changed from 2.2.2 feature-lock to 2.3

It seems like this is an API change better left until 2.3. We have a short-term fix.

  Changed 2 months ago by sminnee

  • milestone changed from 2.3.0 to 2.4.0

Validation is going to get an overhaul in 2.4.

Note: See TracTickets for help on using tickets.