Symfony 2 form validate - forms

I have a simple form without a entity that I use to send emails. Now I was testing in firefox and if I leave a field empty I will get a message. But now if I open the same form in Safari (that ignores required proprty) I won't get any message. The form->isValid() returs true even when I leave all fields blank...
How to validate this?

The in-browser validation is just a time saver to avoid a request to a server when a field is blank, but it's not a proper validation because it can be disabled on the browser level. You still should validate on the server side.
See this section — you need the NotBlank constraint.

Related

How create cHash for an extbase action link

I need a link for an action, which I could send per email.
This works fine with using the viewhelper "f:link.action". Here an example:
<f:link.action action="changePw" id="changePw" absolute="true" arguments="{email : uSetup.uEmail, user : uSetup.uName}"></f:link.action>
Now I have the problem, that in the used form, the user can update his email. In this case, the link is not useful, because it includes the old email address and not the new one, which would be required!
I have looked for hours, but I could not find any useful solution.
The best would be, if could create the link in a php programm and than run a Typo3 php routine, which is creating me the required cHash value. For security resons, I would not switch off the cHash feature.
Is there a Typo3 function, which could create me the cHash value?
The other way, would be to update the viewhelper, that it is using the actual value from the email textfield. But how could I do it?
Thanks in advance for your support.
A cHash is generated automatically if you generate an URL.
Data can be transfered from the client to the server in two ways: GET and POST parameters.
If you want to protect these parameters you secure them with a cHash. the hash represents a list of static parameters. These are replaced on server side overwriting any values coming from the client.
so it is clear: you can't use a value in the cHash if that value could be changed in a form. you need to exclude the emailadress from cHash for the form where the email can be changed.
You might define an alternative field (other name => other URL parameter) where a new email can be inserted and after the submit the email could be updated by the alternative field.

Is there a way to remove field value using model in CakePHP?

I'm developing an application in CakePHP 2.7 and I have a form where that sends off an Ajax request from a file input and returns some information. This information is then stored inside a hidden form field.
I have a custom validation rule that checks against the hidden field and another to see if both have been submitted as the system can only handle one. When the validation rule returns false it flags up an invalidate message to notify the user of the issue. However now I am left with an issue where the hidden field still contains a value and so does the other field the user filled out but I can't remove the value from the hidden field.
Is there any way I can remove the value from the hidden field inside the model?
I have looked at this question on StackOverflow but it wasn't successsful in helping and dates back to an earlier version of CakePHP based on the date of the question.

has_secure_password breaks unrelated attribute validation

I have a very similar issue than this one. I recently added has_secure_password to my User model. Everything is working great, except when I try to create a user from Facebook, which have a :friends attribute. In this case, i have this error when I try to #user.save!
> Validation failed: Friends is invalid
FB user creation was working perfectly before I added has_secure_password, and is still working when I save the users with #user.save(validate: false)
Once the user is already created and present in the database, the #user.save! method is working and the :friends are validated.
I also have a validates :password, length:{minimum:8}, on: :create in my User model, but the friends validation is still triggered even if I remove this line.
I could add a has_facebook? condition in my controller to completely skip any kind of validation when I try to create a user from FB, but I really want to understand why has_secure_password validation is triggered for something seemingly unrelated.
The validation message sounds strange.
But in documentation you see, that has_secure_validation adds a presence validation on password on create. So I think you somehow overwrite that validation message.
To say something more concrete I would need to see more of your code.
So documentation sais:
For further customizability, it is possible to supress the default validations by passing validations: false as an argument.
http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html
I would assume, you set validations to false and care yourself about them. So you can require password only, when it's not a facebook registration.

Translate the text error required fields in a form with Symfony2

I'm developing an application with Symfony2 and I try to translate texts form validation (required). Validation is done by the browser and I get eg "Veuillez renseigner ce champs" I wish I could translate the customer or switch also navigation.
My forms are made with buidform.
Thank you in advance for your help
Olivier
If you are referring to the browser validation raised when a field has an attribute required, this does not depend on symfony. I'm not sure you can set a language for these messages as they are generated by the user's browser.
A solution for you might be to disable browser validation (ie set required to false in your formBuilder fields) and rely on Assertions in you entities whose messages you can customise, you'll find more about this here.

How to deal with URL in browser which is changed to form action value after wrong data is submitted?

The question is generally language/framework agnostic but if it matters I work with Grails and most interested in grails specific solution if such exists.
There's a form mapped to URL: /foo/create. When user type in this URL to his browser the form is shown.
Form action attribute directs to /foo/save and has method POST. If saving is successful, then standard post-redirect-get pattern is applied, and user is redirected to /foo/show.
But, if user specified incorrect data, they should see the same form again with error messages and all their data preserved. To implement this behavior, I do forward to the controller which produces the form (the same is mapped to /foo/create).
After that user sees the form with data and error messages, but URL field is changed in browser to /foo/save. And if user change focus to URL field and press enter - 404 will be shown (because nothing is mapped to /foo/save + method=GET pair).
The long story short: URL /foo/save is shown in a browser (as there were no redirection after form was submitted) but it directs to nowhere if accessed by HTTP GET method.
How to deal with this situation? Surely, I can map something to /foo/save but I wonder if there's a way not to change URL shown in a browser after form with wrong data was submitted?
Two approaches:
The form submits to itself, i.e. /foo/create submits to /foo/create, only if successful the page is redirected to /foo/show. This should use a post-redirect-get cycle as well and store the submitted data in the session, but could be a simple POST without redirect.
/foo/save always redirects again, either to /foo/create if the data was invalid or to /foo/show if the data was valid. This will always use a post-redirect-get cycle with the data saved in the session.