Uploaded image for project: 'Tapestry'
  1. Tapestry
  2. TAPESTRY-2547

Field validation is bypassed if form action url is used as a GET url

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 5.0.13
    • None
    • tapestry-core
    • None

    Description

      We have a form, the simpliest one is ok, say this one on "TestPage" page :
      <t:form>
      <t:textfield t:id="field" t:validate="required" t:value="value" />
      <t:submit/>
      </t:form>

      This form is supposed to required a a non empty value for value.
      All goes fine if we click on ok, but if a twisted tester try to enter directly the action url in the browser ( t5app/testpage.form), the field level validation are bypassed (but all form events are throws and so the one done in "onValidateFormFrom" arecorrectly performed).

      The result is that the form may be successful with inconsistent data, in our case a null value.

      Attachments

        Issue Links

          is part of

          Bug - A problem which impairs or prevents the functions of the product. TAPESTRY-2563 Tapestry should reject form submissions that aren't via POST or don't contain t:formdata, as likely hack attempts

          • Major - Major loss of function.
          • Closed

          Activity

            People

              hlship Howard Lewis Ship
              fanf42 Francois Armand
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: