NYCPHP Meetup

NYPHP.org

[nycphp-talk] Another QuickForm Bug (Hidden Element Processing)

Jayesh Sheth jayeshsh at ceruleansky.com
Thu Mar 17 13:45:18 EST 2005 

Hello all,

I have found what I think is another bug in QuickForm (QF). Here is a 
summary of it:
if a non-QF form posts a hidden value to a QF form, the QF form object  
is unable to overwrite the hidden element's value.

1) An example can be found here:
http://www.moztips.com/qf_bugs/qf_hidden_bug.php?need_login_form=yes

View the source,  and examine the hidden input fields.

Type some text, and submit the form. Scroll down to see the print_r() 
values of the output.

Submitted Form Values:

Array
(
    [my_title] => bogus text
    [hidden_value1] => This is a bogus value that should be overwritten.
    [need_login_form] => no
    [save] => Submit this form to the QF script
)

2) Then visit:
http://www.moztips.com/qf_bugs/qf_hidden_bug.php?need_login_form=no

View the source again, and submit it.

You will see that the value of the 'hidden_value2' is reset to 'This is 
a hidden value' in the second case, but not in the first.

Submitted Form Values:

 
Array
(
    [hidden_value1] => This is a hidden value.
    [hidden_value2] => This is a hidden value.
    [need_login_form] => no
    [my_title] => bogus text
    [save] => Submit this QF form for processing
)



The full source of this example follows my message. Again, am I doing 
something really stupid, am I overlooking something, or is this a bug?

Thanks in advance,

- Jay Sheth
_________________________________________________________________
<?php
// http://www.moztips.com/qf_bugs/qf_hidden_bug.php?need_login_form=yes
// 1) Access this file with qf_hidden_bug.php?need_login_form=yes
// 2) Click the Submit button
// 3) View the output:
/*
Array
(
    [my_title] => bogus text
    [hidden_value1] => This is a bogus value that should be overwritten.
    [need_login_form] => no
)
*/
// 4) hidden_value1 should have the value 'This is a hidden value.'
// 5) Using print_r($form), we see that element 2 of 
HTML_QuickForm_hidden Object contains the original text, and is not
// overwritten with the value of $hidden

/*
[2] => HTML_QuickForm_hidden Object
                (
                    [_label] =>
                    [_type] => hidden
                    [_flagFrozen] =>
                    [_persistantFreeze] =>
                    [_attributes] => Array
                        (
                            [name] => hidden_value1
                            [type] => hidden
                            [value] => This is a bogus value that should 
be overwritten.
                        )

                    [_tabOffset] => 0
                    [_tab] =>    
                    [_lineEnd] =>

                    [_comment] =>
                )
*/

// 6) Note that if you submit this form via the QuickForm form (by 
accessing qf_hidden_bug.php?need_login_form=no)
// The hidden_value2 is overwritten.
$myself = $_SERVER['PHP_SELF'];

if ( $_REQUEST['need_login_form'] == 'no' )
{
    // Load the HTML_QuickForm module
    require 'HTML/QuickForm.php';
   
    // Instantiate a new form
    $form = new HTML_QuickForm('book');
    $form->addElement('header', 'my_header', 'QuickForm Version');
    // Add a text box
    $form->addElement('text','my_title','Please enter some text:');
   
   
   
    $hidden = 'This is a hidden value.';
   
    // Add two hidden elements.
   
    // The value from $hidden will NOT be passed to hidden_value1 when 
the form is posted to using the alternate form
    // contained in the else block below.
    // Access this form with qf_hidden_bug.php?need_login_form=yes . 
Then press the submit button to see that
    // hidden_value1 is NOT set to 'This is a hidden value.'.
    $form->addElement('hidden', 'hidden_value1', $hidden);
    $form->addElement('hidden', 'hidden_value2', $hidden); // The value 
from $hidden will be passed to hidden_value2
    $form->addElement('hidden', 'need_login_form', 'no'); // Need to 
come back to this QF block after form is submitted
   
    // Add a submit button
    $form->addElement('submit','save','Submit this QF form for processing');
   
    if ( isset( $_POST['save'] ) )
    {
    echo "<pre> \$form : QF form object \n";
    print_r($form);
    echo "</pre>";
    }
   
    // Define a function to process the form data
    function process_form($v)
    {
        echo "_______________________________ <br /> Submitted Form 
Values: <pre> \n";
        print_r($v);
        echo "</pre> \n";
       
        return true;
    }
   
    // Call the processing function if the submitted form
    // data is valid; otherwise, display the form
    if ( $form->validate() )
    {
        $form->process('process_form');  
    }
    else
    {
        $form->display();
    }

}

else
{
    echo "<form action=\"$myself\" method=\"POST\"> \n";
    echo "<input type=\"text\" name=\"my_title\" value=\"bogus text\"> 
<br /> <br /> \n";
    echo "<input type=\"hidden\" name=\"hidden_value1\" value=\"This is 
a bogus value that should be overwritten.\"> <br /> \n";
    echo "<input type=\"hidden\" name=\"need_login_form\" value=\"no\"> \n";
    echo "<input type=\"submit\" name=\"save\" value=\"Submit this form 
to the QF script\"> \n ";
    echo "</form>";
}
?>

More information about the talk mailing list