Skip Menu |

This queue is for tickets about the Maypole CPAN distribution.

Report information
The Basics
Id: 6491
Status: resolved
Priority: 0/
Queue: Maypole
People
Owner: SIMONFLK [...] cpan.org
Requestors: jester [...] panix.com
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Wed Jun 02 17:07:50 2004 JESTER [...] cpan.org - Ticket created
Subject: Forms handling (esp. on creation)
Handling of forms through Class::DBI::FromCGI is problematic, esp. at the creation of a new object. An "add" form that fails an untaint check will not return a created object, and thus there'll be no primary key and Maypole can't retrieve the object and it hangs indefinitely. This has been kludged in the newest CVS but the solution is not acceptable; a proper solution must involve returning a user to the otherwise-filled-out form, with appropriate error reports, and not just nuking the whole process. Similarly, an "edit" action where there is an untaint failure will pre-fill the form, but with the values from the database, not with the values from the failed form-filling. In both cases, the form should be redisplayed with the data that failed to validate, and appropriate error messages. (Or, rather, these messages etc. should be available to be displayed; if you want to exclude them from your template, that's up to you.) Presumably this will involve pulling the data from the same place (the form) that instantiated FromCGI in the first place. I appreciate that this is a problem with CDBI::FromCGI (perhaps not strictly a problem; it's documented behaviour). But in the Maypole context, where we're concerned with the end-user's experience, it's important to be able to properly fill out and validate forms.
  Wed Jun 23 11:59:44 2004 Guest - Correspondence added
[JESTER - Wed Jun 2 17:07:50 2004]: Show quoted text
> Handling of forms through Class::DBI::FromCGI is problematic, esp. at > the creation of a new object. > > An "add" form that fails an untaint check will not return a created > object, and thus there'll be no primary key and Maypole can't > retrieve the object and it hangs indefinitely. This has been > kludged in the newest CVS but the solution is not acceptable; a > proper solution must involve returning a user to the otherwise- > filled-out form, with appropriate error reports, and not just > nuking the whole process. Similarly, an "edit" action where there > is an untaint failure will pre-fill the form, but with the values > from the database, not with the values from the failed form- > filling. In both cases, the form should be redisplayed with the > data that failed to validate, and appropriate error messages. (Or, > rather, these messages etc. should be available to be displayed; if > you want to exclude them from your template, that's up to you.) > Presumably this will involve pulling the data from the same place > (the form) that instantiated FromCGI in the first place. > > I appreciate that this is a problem with CDBI::FromCGI (perhaps not > strictly a problem; it's documented behaviour). But in the Maypole > context, where we're concerned with the end-user's experience, it's > important to be able to properly fill out and validate forms.
Can you just modify the object or create a Mock object, taking the values from the parameters? Will that allow this to work the right way? Or does the object have to be a "real" Maypole object, with PK and everything else, so that it can be looked up.
  Wed Nov 24 18:19:30 2004 SIMONFLK [...] cpan.org - Taken
  Tue Dec 21 15:02:51 2004 SIMONFLK [...] cpan.org - Status changed from 'new' to 'resolved'