Issues

ZF-6021: Zend_Form_Element_File render wrong errorMessage when unserialized

Description

I put whole serialized form into session after !isValid, make redirect to "show"action and there check for form in session to render it with error messages populated. When there is Zend_Form_Element_File in form and validation is incorrect ... see comment in code below:

public function showInsertAction(){ .... $sess = new Zend_Session_Namespace('Model_BLL_Forms_Prispevek'); $sform = unserialize($sess->form); if (!empty($sform)) { $this->view->form = $sform; //error message is incorrect after unserialize (The file 'myFileEl' was illegal uploaded, possible attack instead of "false extension")

     unset($sess->form);
    }

... } public function insertAction(){ ... if (!@$form->isValid($this->_request->getPost())) { $form->populate($this->_request->getPost()); $sess->form = serialize($form); $onlyForTry = $form->render(); // error message is correct, but this row is only for check,

        return $this->_helper->redirector->setGoto('show-insert', 'myCon', 'admin');
    }

... }

Comments

Note that serializing a temporary fileupload is not possible. PHP itself expects in this case a "attack" as the upload was unintentionally broken (by serializing the file).

When you want to serialize only the message, then you should not serialize the whole form, but only the error message.

Something like $form->getErrorMessages() or similar.

Closing as non-issue