Zend Framework

Zend_Validate_Identical doesn't totally respect setObscureValue(true) option

Details

  • Type: Bug Bug
  • Status: Resolved Resolved
  • Priority: Major Major
  • Resolution: Not an Issue
  • Affects Version/s: 1.10.2
  • Fix Version/s: 1.10.4
  • Component/s: Zend_Validate
  • Labels:
    None

Description

When using Zend_Validate_Identical on password fields, setting ObscureValue to true does not hide the token used to compare the value of the field in error message.

$passwd = new Zend_Form_Element_Password('passwd');
$passwd->addValidator('NotEmpty')
	->addValidator('StringLength', false, array(6, 20))
	->setRequired(true)
	->setLabel('New password')
		
$confirm = new Zend_Form_Element_Password('confirm');
$confirm->addValidator('NotEmpty')
	->addValidator('Identical')
	->setRequired(true)
	->setLabel('Confirm password');

$validator = $confirm->getValidator('Identical');
$validator->setObscureValue(true);

If the two fields are not identical the resulting error message is:

The token 'tester' does not match the given token '********'

where 'tester' is the value passed to setToken().

The error message would also be adapted when ObscureValue is set to true to a shorter one like 'The values did not match'

Activity

Hide
Permalink
Thomas Weidner added a comment -

The component works as expected.
The "value" is obscured (replaced by "*" chars).

When you need to have a different message, override the given message with your own.

Show
Thomas Weidner added a comment - The component works as expected. The "value" is obscured (replaced by "*" chars). When you need to have a different message, override the given message with your own.

People

Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Zend Framework. Try JIRA - bug tracking software for your team.