> Hi, I'm having some trouble with validating a CompoundFormField, and > I'm not sure how to proceed. As an example of my problem, take this > controller:
> > Hi, I'm having some trouble with validating a CompoundFormField, and
> > I'm not sure how to proceed. As an example of my problem, take this
> > controller:
> Hi, I'm having some trouble with validating a CompoundFormField, and > I'm not sure how to proceed. As an example of my problem, take this > controller:
why you do this with a compound? is only an example i hope.
i cannot see the error. any way if i'm not wrong the problem is validation system, i'm not sure the CompoundWidget can use validation in this manner...
Glauco
-- +------------------------------------------------------------+ Glauco Uri glauco(at)sferacarta.com
Sfera Carta SoftwareŽ info(at)sferacarta.com Via Bazzanese,69 Casalecchio di Reno(BO) - Tel. 051591054 +------------------------------------------------------------+
> Patrick Lewis ha scritto:
> > Hi, I'm having some trouble with validating a CompoundFormField, and
> > I'm not sure how to proceed. As an example of my problem, take this
> > controller:
> why you do this with a compound? is only an example i hope.
> i cannot see the error.
> any way if i'm not wrong the problem is validation system,
> i'm not sure the CompoundWidget can use validation in this manner...
> Glauco
It's an example, but it relates to a real problem that we are seeing
in TGCaptcha. TGCaptcha does essentially the same thing, but with a
bit more complicated CompoundFormField and Schema. However, the error/
behavior is similar to what is in the example. If someone crafts an
url or form without the entire captcha field, then validation seems to
skip the widget, and passes it on to the destination controller as if
the captcha was successful.
> On Nov 27, 4:16 am, Glauco <gla...@sferacarta.com> wrote: > > Patrick Lewis ha scritto: > > > Hi, I'm having some trouble with validating a CompoundFormField, and > > > I'm not sure how to proceed. As an example of my problem, take this > > > controller:
> > why you do this with a compound? is only an example i hope.
> > i cannot see the error. > > any way if i'm not wrong the problem is validation system, > > i'm not sure the CompoundWidget can use validation in this manner...
> > Glauco
> It's an example, but it relates to a real problem that we are seeing > in TGCaptcha. TGCaptcha does essentially the same thing, but with a > bit more complicated CompoundFormField and Schema. However, the error/ > behavior is similar to what is in the example. If someone crafts an > url or form without the entire captcha field, then validation seems to > skip the widget, and passes it on to the destination controller as if > the captcha was successful.
Looks like a bug then - can you file a ticket? The coolest thing would be a short demo-app that exposes the desired behavior, by e.g. having two or three links in the welcome-template that one could test. Or - even better - tests in the project, I would then try and see if I can rework them into the core tests.
> On Tuesday 27 November 2007 15:58:21 Patrick Lewis wrote:
> > On Nov 27, 4:16 am, Glauco <gla...@sferacarta.com> wrote:
> > > Patrick Lewis ha scritto:
> > > > Hi, I'm having some trouble with validating a CompoundFormField, and
> > > > I'm not sure how to proceed. As an example of my problem, take this
> > > > controller:
> > > why you do this with a compound? is only an example i hope.
> > > i cannot see the error.
> > > any way if i'm not wrong the problem is validation system,
> > > i'm not sure the CompoundWidget can use validation in this manner...
> > > Glauco
> > It's an example, but it relates to a real problem that we are seeing
> > in TGCaptcha. TGCaptcha does essentially the same thing, but with a
> > bit more complicated CompoundFormField and Schema. However, the error/
> > behavior is similar to what is in the example. If someone crafts an
> > url or form without the entire captcha field, then validation seems to
> > skip the widget, and passes it on to the destination controller as if
> > the captcha was successful.
> Looks like a bug then - can you file a ticket? The coolest thing would be a
> short demo-app that exposes the desired behavior, by e.g. having two or three
> links in the welcome-template that one could test. Or - even better - tests
> in the project, I would then try and see if I can rework them into the core
> tests.
> Diez
In putting together some tests, I ran into something interesting
(well, for me anyways). If I explicitly name the widget in the method
parameters, everything works as expected. So, if I change my example
save controller to:
> On Nov 27, 10:10 am, "Diez B. Roggisch" <de...@web.de> wrote: >> On Tuesday 27 November 2007 15:58:21 Patrick Lewis wrote: >>> On Nov 27, 4:16 am, Glauco <gla...@sferacarta.com> wrote: >>>> Patrick Lewis ha scritto: >>>>> Hi, I'm having some trouble with validating a CompoundFormField, and >>>>> I'm not sure how to proceed. As an example of my problem, take this >>>>> controller: >>>>> http://paste.turbogears.org/paste/1776 >>>>> This url succeeds (with validation): >>>>> http://localhost:8080/save?mywidget.hidden=1&mywidget.number=2 >>>>> and these fail validation (as they should), redirecting back to index >>>>> http://localhost:8080/save?mywidget.hidden=1&mywidget.number=foo >>>>> http://localhost:8080/save?mywidget.hidden=&mywidget.number=2 >>>>> http://localhost:8080/save?mywidget.number=2 >>>>> But this url doesn't fail at all, and goes straight to the save >>>>> method, apparently bypassing validation. >>>>> http://localhost:8080/save >>>>> Any thoughts as to what's going on here? >>>> why you do this with a compound? is only an example i hope. >>>> i cannot see the error. >>>> any way if i'm not wrong the problem is validation system, >>>> i'm not sure the CompoundWidget can use validation in this manner... >>>> Glauco >>> It's an example, but it relates to a real problem that we are seeing >>> in TGCaptcha. TGCaptcha does essentially the same thing, but with a >>> bit more complicated CompoundFormField and Schema. However, the error/ >>> behavior is similar to what is in the example. If someone crafts an >>> url or form without the entire captcha field, then validation seems to >>> skip the widget, and passes it on to the destination controller as if >>> the captcha was successful. >> Looks like a bug then - can you file a ticket? The coolest thing would be a >> short demo-app that exposes the desired behavior, by e.g. having two or three >> links in the welcome-template that one could test. Or - even better - tests >> in the project, I would then try and see if I can rework them into the core >> tests.
>> Diez
> In putting together some tests, I ran into something interesting > (well, for me anyways). If I explicitly name the widget in the method > parameters, everything works as expected. So, if I change my example > save controller to:
> I guess I don't know what the proper/expected behavior should be. Is > this still a bug?
I'd say so, yes - because when for whatever reason there need to be properly named parameters, there should at least warnings if not more in case you don't supply them.
On Nov 29, 4:15 am, "Diez B. Roggisch" <de...@web.de> wrote:
> Patrick Lewis schrieb:
> > I guess I don't know what the proper/expected behavior should be. Is
> > this still a bug?
> I'd say so, yes - because when for whatever reason there need to be
> properly named parameters, there should at least warnings if not more in
> case you don't supply them.
