Issues

ZF-12119: Zend_Form_Element::filterName() removes characters which may be legal (e.g. periods, colons)

Issue Type: Bug Created: 2012-03-25T14:28:05.000+0000 Last Updated: 2013-03-13T20:55:21.000+0000 Status: Open Fix version(s): - Next Mini Release ()

Reporter: Eddo Rotman (karnaf) Assignee: Christian Albrecht (alab) Tags: - Zend_Form

Related issues: - ZF-12249

Attachments:

Description

According to W3C, form ID and NAME tokens must begin with a letter ([A-Za-z]) and may be followed by any number of letters, digits ([0-9]), hyphens ("-"), underscores ("_"), colons (":"), and periods ("."). - http://www.w3.org/TR/html4/types.html#type-cdata

Trying to create a form element with the name foo.bar makes it foobar - e.g.

<pre class="literal">
require_once 'Zend/Form/Element/Hidden.php';

$foo = new Zend_Form_Element_Hidden(array('name' => 'foo.bar'));
echo $foo->getName(); // foobar

Comments

Posted by Frank Br├╝ckner (frosch) on 2012-03-30T13:36:29.000+0000

Hi Eddo, thanks for reporting!

The patch must include:

  • an update for Zend_Form::filterName() -- names must begin with a letter ([A-Za-z]) -- hyphens ("-"), underscores ("_"), colons (":") and periods (".") must be accepted
  • updates for the unit tests: -- Zend_Form_FormTest::testSetNameNormalizesValueToContainOnlyValidVariableCharacters() -- Zend_Form_FormTest::testArrayToWhichElementsBelongCanConsistOfValidVariableCharsOnly()
  • a new unit test for the first character in the name

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts