ZF-2391: Values of Multi-Elements (select...) can be "out of range"
Description
Zend_Form currently doesn't prevent bad guys from submitting forms filled with "bad" values (not being part of the available options).
Kind regards, Thomas Gelf
Zend_Form currently doesn't prevent bad guys from submitting forms filled with "bad" values (not being part of the available options).
Kind regards, Thomas Gelf
Comments
Posted by Thomas Gelf (tgelf) on 2008-01-07T13:37:06.000+0000
Quick & dirty patch.
A more elegant variant would be overriding getValidatorChain(), adding some kind of Zend_Validate_IsArrayKey(). As the latter doesn't exist (and as I'm really lazy) I have chosen the approach shown in the attached patch file.
Cheers, Thomas
Posted by Matthew Weier O'Phinney (matthew) on 2008-01-07T13:50:02.000+0000
Please post this to the mailing list fw-mvc@lists.zend.com, and not the issue tracker. Zend_Form is in its very early stages, and not even approved as a proposal yet; sharing this on list will illicit maximum discussion during the development phase of this component.
Posted by Thomas Gelf (tgelf) on 2008-01-07T14:09:07.000+0000
Done, sent through gmane (http://article.gmane.org/gmane.comp.php.zend.frameā¦). I hope it will find it's way to the right destination (Nabble??)...