Codeigniter: Submitting Forms - forms

How do I submit a form that can do two different things based on the URI?
For example, if the URI contains a string "new" the form will submit differently than it would if "new" were not in the URI.
I'm having trouble implementing this, as when a form is submitted, it takes the URI of whatever "form_open" says.

Altering the form_open path is probably not the way to do this. How are you using this? Does the person filling out the form affect the "new" string?
What I would do is put a hidden input on the form and set THAT value to "new". Then in the controller, use a GET to take the value of the input form, and do a simple IF / ELSE statement based off the value of that variable.
This way, you could setup several different ways to use the same form - hidden=new, hidden=old, hidden=brandnew, hiddend=reallyold could all process the form values differently, even sending them to different tables in your DB or whatever.

Kevin - I thought I'd done something like this before and I had - here's a quick look:
In routes.php:
$route['some/pathname/(:any)'] = "my_controller/my_function/$1";
Then in mycontroller.php:
function my_function($type)
{
if ($type == "new") {
do this }
elseif ($type == "update)" {
do this }
}

Related

TYPO3 Fluid Form returns old values

Am running a form using fluid with two fields, username and password. When first run, correct data is sent to the action. When different data is resubmitted, original data is sent to the controller action instead of the new values. How do I solve this problem?
EDIT: I've discovered that an array containing the user-submitted form fields and their values are obtained from the request, serialized as is and the string stored in a hidden input field called '__referrer[arguments]', which is then submitted with the form back to the user. When the user resubmits the form again with new values, the user doesn't realize that the old values are in the form, in the form of a serialized string, which is submitted together with the new values. Turns out, this is ok if no errors are reported by the validators. In that case the data is simply passed to the controller action and processing continues. But if errors are collected, processing is not sent to the controller action but is sent to the error action. The error action unserializes the old data and forwards that data (instead of the the new values) to the intended action controller. See \TYPO3\CMS\Extbase\Mvc\Controller\ActionController::forwardToReferringRequest().
EDIT: Steps to reproduce;
Create an action with one argument and create a form with one input element and a submit button. Create a validator for the element. Make it a string property. When all is said and done, start by sending a VALID value and let the form return. it will come back with no errors. but also if you look at it's hidden values, you find that the __referrer[arguments] has changes. That's because your previous values were serialized and are there. Now submit an INVALID value and check values entering your action. You'll be stunned they are the old ones.
This is weird. Currently if I disable the production of the __referrer[arguments] input field in the \TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::renderHiddenReferrerFields() method, everything works properly. How do I solve this? Please help.
Where things go wrong:
Here: \TYPO3\CMS\Extbase\Mvc\Controller\ActionController::forwardToReferringRequest() . In this method, arguments are sought from __referrer internal arguments instead of the submitted values. Normally, if errors are found, only two elements are found in the arguments form variable: controller for controller name and action for action name. This is because they were submitted originally with the form and they will recycle without changing as long as the validator finds errors. Nothing else will be added to it. This is good... until it validates. When it validates, results are sent directly to the action controller and not through the error controller. When the process goes back to the form, the object or arguments submitted will be added to the form and returned to the user. Remember it validated. When you then send a wrong value next, it goes to the error controller, but the old values (that validated) and were serialized in the __referrer[arguments] are unserialized and forwarded to your action. And that's how you end up with old values in your action. This is because it assumes that the variable carries only two values inside it; the controller and action names only. It's wrong.
Assumption:
Form post values processing seem to be built under the presumption that once a form validates, you won't need it again.
News.
The values you send are sought from extbase arguments and serialized in \TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::renderHiddenReferrerFields() method, added to the form just before presenting it to you. All TYPO3 has to do is skip your values and let the default values only be serialized. Just saw that the doc section of the function has this:
/**
* Renders hidden form fields for referrer information about
* the current controller and action.
*
* #return string Hidden fields with referrer information
* #todo filter out referrer information that is equal to the target (e.g. same packageKey)
*/
The #todo part is the news. Hope it's done in the next-patch since there are many scenarios where you want to resume the form such as in data entry.
Solution
Easiest solution: Initialize the empty argument in your action and hand the argument to the form. In my case, I use a DTO.
Example
public function accountLoginAction(DTO\Account\LoginDTO $accountLogin=null):ResponseInterface
{
if($accountLogin){
$this->repository->logon();
...
} else{
$accountLogin=DTO\Account\LoginDTO::getNewInstance();
}
$this->view->assign('object', $accountLogin);
return $this->response();
}
Hope it helps someone.

TYPO3 How do i avoid form objectID manipulation?

I would like to avoid the manipulation of the hidden field (__identify) in a form. For example the edit form. If someone goes to the inspector and change the value to another uid then the update action will actually update the manipulated value instead of the original.
Now if someone changes this to 8 then the update action will update the object with the uid 8.
Is there a way to avoid such action?
TYPO3: v9
Mode: Composer Mode
Best regards
Thanks to #Daniel Siepmann (typo3.slack.com) for pointing me to the right direction. So the answer is simple and easy to implement.
TYPO3 uses hmac for internal purposes and has a static function
called hmac under the GeneralUtility class.
Concept:
We create a hidden field in the form with a hmac string based on the uid of the object and a word of your choice. (To make the decryption more difficult for the attacker). Then on the controller we regenerate the hmac with the uid that has been passed via the form arguments to the controller and the word we previously defined. If they match, then the object can be updated. If not, then we redirect the user to another page (Error or list view, it is up to you).
How to use it:
your_extension/Classes/Controller/YourController.php
public function editAction(Object $object)
{
$hmac = GeneralUtility::hmac($object->getUid(), 'yourWord');
$this->view->assign('hmac', $hmac);
$this->view->assign('object', $object);
}
Here we generate the hmac based on the object uid and a word that you can alone specify. Then we pass it to the FrontEnd in order to add it on the hidden field and later to compare it.
VERY IMPORTANT: I would strongly recommend to use a word as well. It must be the same everywhere you use it. For me now the word is yourWord.
your_extension/Resources/Private/Templates/Edit.html
<f:form action="update" name="object" object="{object}" extensionName="ExtensionName" pageUid="{settings.flexform.pages.update.pid}" enctype="multipart/form-data">
<f:form.hidden name="hmac" value="{hmac}" />
{...}
</f:form>
Here we define the hidden field with the hmac value. We are going to compare it in the controller.
your_extension/Classes/Controller/YourController.php
public function initializeUpdateAction() {
$args = $this->request->getArguments();
/*Check if the user has not deleted the hmac hidden field*/
if ($args['hmac']) {
/*Regenerate the hmac to compare it with the one from the $args variable*/
$hmac = GeneralUtility::hmac($args['object']['__identity'], 'yourWord');
if ($hmac !== $args['hmac']) {
$this->redirect('list', 'ControllerName', 'ExtensionName', null, $this->settings['global']['error']['pid']);
}
}
else {
$this->redirect('list', 'ControllerName', 'ExtensionName', null, $this->settings['global']['error']['pid']);
}
}
Here we first evaluate if the hmac exists. The user might have deleted the hidden field to avoid the comparisson. If TYPO3 does not find any hmac in the passed arguments ($args['hmac']) then it will redirect the user to the specified page and the object won't be updated.
If TYPO3 finds a hmac, then generates another hmac with the given uid ($args['object']['__identity']) and the word you generated the previous hmac. If it does not match, that means that the user has manipulated the uid. Then TYPO3 redirects the user to the specified page and the object won't be updated.
All this could be written more elegantly but for the sake of this answer, i tried to make it short.
Best regards

Handle POST data sent as array

I have an html form which sends a hidden field and a radio button with the same name.
This allows people to submit the form without picking from the list (but records a zero answer).
When the user does select a radio button, the form posts BOTH the hidden value and the selected value.
I'd like to write a perl function to convert the POST data to a hash. The following works for standard text boxes etc.
#!/usr/bin/perl
use CGI qw(:standard);
sub GetForm{
%form;
foreach my $p (param()) {
$form{$p} = param($p);
}
return %form;
}
However when faced with two form inputs with the same name it just returns the first one (ie the hidden one)
I can see that the inputs are included in the POST header as an array but I don't know how to process them.
I'm working with legacy code so I can't change the form unfortunately!
Is there a way to do this?
I have an html form which sends a hidden field and a radio button with
the same name.
This allows people to submit the form without picking from the list
(but records a zero answer).
That's an odd approach. It would be easier to leave the hidden input out and treat the absence of the data as a zero answer.
However, if you want to stick to your approach, read the documentation for the CGI module.
Specifically, the documentation for param:
When calling param() If the parameter is multivalued (e.g. from multiple selections in a scrolling list), you can ask to receive an array. Otherwise the method will return the first value.
Thus:
$form{$p} = [ param($p) ];
However, you do seem to be reinventing the wheel. There is a built-in method to get a hash of all paramaters:
$form = $CGI->new->Vars
That said, the documentation also says:
CGI.pm is no longer considered good practice for developing web applications, including quick prototyping and small web scripts. There are far better, cleaner, quicker, easier, safer, more scalable, more extensible, more modern alternatives available at this point in time. These will be documented with CGI::Alternatives.
So you should migrate away from this anyway.
Replace
$form{$p} = param($p); # Value of first field named $p
with
$form{$p} = ( multi_param($p) )[-1]; # Value of last field named $p
or
$form{$p} = ( grep length, multi_param($p) )[-1]; # Value of last field named $p
# that has a non-blank value

Extjs Form Action Submit - Custom override?

Looking at the source code of Action.Submit, I'm trying to figure out where ext is appending the form's fields to the parameters.
Instead of sending each field as a separate parameter, I want to send something like:
formObj:{field1:value, field2:value}
Currently, each of those values are simply added to the parameter list along with any custom/baseParams.
Where are these formfields being added so that I can change this behaviour?
Thanks.
I'm not sure what your override needs to look like, but you'll probably want to look at Ext.Ajax.request() (in Core / Connection.js). When posting a form, the fields get serialized there, in this code block:
if(form = Ext.getDom(o.form)){
url = url || form.action;
serForm = Ext.lib.Ajax.serializeForm(form);
p = p ? (p + '&' + serForm) : serForm;
}
If you really want to track the process of creating parameter list, you can refer to Ext.form.Action.getParams.
You should also consider Ext.form.BasicForm.getValues as it returns exactly the result you want, the only problem is that you'll need to send it manually, e.g. using Ext.Ajax.request.

Symfony: Model Translation + Nested Set

I'm using Symfony 1.2 with Doctrine. I have a Place model with translations in two languages. This Place model has also a nested set behaviour.
I'm having problems now creating a new place that belongs to another node. I've tried two options but both of them fail:
1 option
$this->mergeForm(new PlaceTranslationForm($this->object->Translation[$lang->getCurrentCulture()]));
If I merge the form, what happens is that the value of the place_id field id an array. I suppose is because it is waiting a real object with an id. If I try to set place_id='' there is another error.
2 option
$this->mergeI18n(array($lang->getCurrentCulture()));
public function mergeI18n($cultures, $decorator = null)
{
if (!$this->isI18n())
{
throw new sfException(sprintf('The model "%s" is not internationalized.', $this->getModelName()));
}
$class = $this->getI18nFormClass();
foreach ($cultures as $culture)
{
$i18nObject = $this->object->Translation[$culture];
$i18n = new $class($i18nObject);
unset($i18n['id']);
$i18n->widgetSchema['lang'] = new sfWidgetFormInputHidden();
$this->mergeForm($i18n); // pass $culture too
}
}
Now the error is:
Couldn't hydrate. Found non-unique key mapping named 'lang'.
Looking at the sql, the id is not defined; so it can't be a duplicate record (I have a unique key (id, lang))
Any idea of what can be happening?
thanks!
It looks like the issues you are having are related to embedding forms within each other, which can be tricky. You will likely need to do things in the updateObject/bind methods of the parent form to get it to pass its values correctly to its child forms.
This article is worth a read:
http://www.blogs.uni-osnabrueck.de/rotapken/2009/03/13/symfony-merge-embedded-form/comment-page-1/
It gives some good info on how embedding (and mergeing) forms work. The technique the article uses will probably work for you, but I've not used I18n in sf before, so it may well be that there is a more elegant solution built in?