Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#5829 closed defect (fixed)

Gajim allows submitting invalid forms

Reported by: Zash Owned by:
Priority: normal Milestone: 0.14
Component: None Version: hg
Severity: normal Keywords:
Cc: mwild1@… Blocked By:
Blocking: OS: All

Description

Bug description

Gajim lets you submit invalid forms, eg with empty required values.

Steps to reproduce

Find form with some required fields and try to submit it empty.

Tested with prosodys mod_adhoc_cmd_admin

Change History (8)

comment:1 Changed 6 years ago by MattJ

  • Cc mwild1@… added

I don't think the issue is that required fields can't be empty - I'm sure it's possible to include a text field in a response that is empty.

However the fields in this case were JID fields, and they are meant to be valid JIDs - an empty string is not such.

comment:2 Changed 6 years ago by Yann Leboulanger <asterix@…>

  • Milestone set to 0.14
  • Resolution set to fixed
  • Status changed from new to closed

(In [dcfcc510f395]) check jid-single and jid-multi fields when filling ad-hoc commands. Fixes #5829

comment:3 Changed 6 years ago by Florob

  • Resolution fixed deleted
  • Status changed from closed to reopened

As discussed in the GC text fields may indeed be empty as in "They can contain an empty string". The however must have a value (i.e. <value></value>) if they are required. Gajim currently returns no <value/> element at all if a text field is empty. While untested I think similar things apply to list-* fields, which you might be able to return even though you haven't made a selection (obviously this also only applies if they are <required/>).

comment:4 Changed 6 years ago by Yann Leboulanger <asterix@…>

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [f9be1dbc2ec9]) always send at least an emtpy <value> for every required fields when we send a dataform. Fixes #5829

comment:5 Changed 6 years ago by Florob

  • Resolution fixed deleted
  • Status changed from closed to reopened

I did speifically talk about list-* fields for a reason... They obviously need to return one of the provided values and NOT just an empty value when required... A good idea might be to choose the first value as default and let the user change it when desired.

comment:6 Changed 6 years ago by asterix

I choosed to not to a default selection if server doesn't send us a default <value>, but check that user did a selection before sending form.

comment:7 Changed 6 years ago by Yann Leboulanger <asterix@…>

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [297a65a8907e]) check that user made a selection in a list-* field if it's required. Fixes #5829

comment:8 Changed 6 years ago by Yann Leboulanger <asterix@…>

(In [54ed92b70c51]) always send at least an emtpy <value> for every required fields when we send a dataform. Fixes #5829

Note: See TracTickets for help on using tickets.