-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[3.9.1] [com_fields] Make sure disabled fields are not added to the request at all #22923
Conversation
I have tested this item ✅ successfully on 7abc845 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22923. |
It does not work with |
What does not work? And what is different for that types? |
I get the invalid field error message. |
We added this function in #19884, which fixed some issues that checks couldn't be done if fields was loaded or not. Where exactly is the error thrown? Because the field should be added in a disabled state, so validate should not check that at all. This change is not fixing the cause. I think there is something wrong in the Controller or Form class itself. |
https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Form/Form.php#L2070-L2081 |
I have tested this item 🔴 unsuccessfully on 7abc845 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/22923. |
Just run into this issue for the front-end profile.edit view in 3.9.2. I assume all components using custom fields with configurable permissions will have the same issue. An alternative solution that seems to work for me is to set the field value to null. Either always or only when the field is disabled. But I don't really know why bool(false) is selected over null, nor why the missing field values are being injected, so I can't really offer a concrete opinion over this |
This problem is also manifesting itself in Edit User Profile when we have User Fields defined as Read Only through setting the permission on Edit Custom Field on Denied. I really hope this can be fixed in next drop. |
We are awaiting an suggestion / review by @laoneo to fix the root cause. |
thx |
Seems to work as desired, Also the logic of this seems correct |
Thx for the test! |
Just a note, I found out that this does not work for the new Subfields Meaning that saving a subfields type that contains a disabled/hidden child field (due to ACL), will empty the value for that child field, instead of keeping the existing value for it |
Pull Request for Issue #22038 & #22519
Summary of Changes
Make sure disabled fields are not added to the request at all
Testing Instructions
Expected result
Error is gone
Actual result
Documentation Changes Required
none.
cc @laoneo Please let us know you opinion / technical insight here. As disabled should not be used for security we might also need to change more places too?