Zend Framework

Zend_Form_Element_File render wrong errorMessage when unserialized

Details

  • Type: Bug
  • Status: Resolved
  • Priority: Major
  • Resolution: Not an Issue
  • Affects Version/s: 1.7.6
  • Fix Version/s: 1.10.0
  • Component/s: Zend_Form
  • Labels:
    None

Description

I put the whole serialized form into the session after !isValid, redirect to the "show" action, and there check for the form in the session to render it with error messages populated. When there is a Zend_Form_Element_File in the form and validation is incorrect ... see the comment in the code below:

    public function showInsertAction(){
        ....
        $sess = new Zend_Session_Namespace('Model_BLL_Forms_Prispevek');
        $sform = unserialize($sess->form);
        if (!empty($sform)) {
            $this->view->form = $sform; // error message is incorrect after unserialize (The file 'myFileEl' was illegal uploaded, possible attack instead of "false extension")
            unset($sess->form);
        }
        ...
    }
    public function insertAction(){
        ...
        if (!@$form->isValid($this->_request->getPost())) {
            $form->populate($this->_request->getPost());
            $sess->form = serialize($form);
            $onlyForTry = $form->render(); // error message is correct, but this row is only for check
            return $this->_helper->redirector->setGoto('show-insert', 'myCon', 'admin');
        }
        ...
    }

Activity

Thomas Weidner added a comment -

Note that serializing a temporary fileupload is not possible.
PHP itself expects in this case an "attack" as the upload was unintentionally broken (by serializing the file).

When you want to serialize only the message, then you should not serialize the whole form, but only the error message.

Something like $form->getErrorMessages() or similar.
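
The approach suggested in the comment above, as an added example that is not part of the original issue or of Zend Framework itself: only plain message and value arrays go into the session, and a fresh form is rebuilt after the redirect, so no upload state is ever serialized. The controller class, `My_Form_Upload` (a flat `Zend_Form` subclass with a file element named `myFileEl`) and the session namespace name are assumptions; `getMessages()` stands in for the "or similar" call.

```php
<?php
// Added example: hypothetical controller. My_Form_Upload is an assumed Zend_Form
// subclass with a flat layout (no subforms) and a Zend_Form_Element_File 'myFileEl'.
class Admin_MyConController extends Zend_Controller_Action
{
    const SESSION_NS = 'upload_form_state'; // constructed namespace name

    public function insertAction()
    {
        $form = new My_Form_Upload();
        $post = $this->_request->getPost();

        if (!$form->isValid($post)) {
            $sess = new Zend_Session_Namespace(self::SESSION_NS);
            // Store plain arrays only: no form object, no transfer adapter, no tmp_name.
            $sess->messages = $form->getMessages();  // element name => (code => text)
            unset($post['myFileEl']);                // never carry upload state forward
            $sess->values = $post;
            return $this->_helper->redirector->gotoSimple('show-insert', 'myCon', 'admin');
        }
        // ... handle the valid upload within this same request ...
    }

    public function showInsertAction()
    {
        $form = new My_Form_Upload();                // fresh form, fresh file element
        $sess = new Zend_Session_Namespace(self::SESSION_NS);

        if (isset($sess->messages)) {
            $form->populate((array) $sess->values);  // file input stays empty by design
            foreach ((array) $sess->messages as $name => $messages) {
                $element = $form->getElement($name);
                if ($element instanceof Zend_Form_Element) {
                    // Re-attach the original texts without running validators again,
                    // so the upload check is not repeated on a request with no upload.
                    $element->addErrors(array_values((array) $messages));
                }
            }
            unset($sess->messages, $sess->values);   // one-shot state
        }
        $this->view->form = $form;
    }
}
```

The user has to select the file again on the redisplayed form, since the temporary upload from the first request no longer exists.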

Thomas Weidner added a comment -

Closing as non-issue
