diff options
| author | Dries Buytaert <dries@buytaert.net> | 2002-05-26 09:23:46 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2002-05-26 09:23:46 +0000 |
| commit | 4191481453a6fc68821ed91ab404f19d062c8eef (patch) | |
| tree | 13f7f96b991098b30f4eb7bc1ebe302accca5676 | |
| parent | ad83b449f7bdf3c3dc4479e1a0e1d78cf248027b (diff) | |
| download | brdo-4191481453a6fc68821ed91ab404f19d062c8eef.tar.gz brdo-4191481453a6fc68821ed91ab404f19d062c8eef.tar.bz2 | |
- Bugfix: just before submitting a node, one could change the content of
that node to something that would not have passed the preview pages.
Patch by Revar:
"If you uploaded a valid file, and filled out the form right, you will
get a Submit button. The problem comes in when you choose a different
file to upload, and then click Submit. The filestore_save() function
cannot do proper validation and handling of the form data, as it only
returns a list of what node fields to save. On error, a node entry is
still created, but with only the nid field set. The user can't be
forced to fix their bad entry."
"Add a _form_validate() node hook to process and validate any form
results. That way even on Submit, the node code would check the
validity of the data, and if bad, it could drop you back to the preview
screen with the current bad data warnings. Have it return an array of
errors that can be passed in as $error to the _form() hook. If it
returns a null array, then there's no errors, and the submit can go
through."
| -rw-r--r-- | modules/node.module | 27 | ||||
| -rw-r--r-- | modules/node/node.module | 27 |
2 files changed, 48 insertions, 6 deletions
diff --git a/modules/node.module b/modules/node.module index 702479db7..e75660f55 100644 --- a/modules/node.module +++ b/modules/node.module @@ -755,11 +755,20 @@ function node_validate($node, &$error) { } + /* + ** Do node type specific validation checks. + */ + + $function = $node->type ."_validate"; + if (function_exists($function)) { + $node = $function($node, $error); + } + return $node; } -function node_form($edit) { +function node_form($edit, $error = NULL) { /* ** Save the referer. We record where the user came from such that we @@ -772,7 +781,10 @@ function node_form($edit) { ** Validate the node: */ + if (!$error) { + /* Only validate if we don't already know the errors. */ $edit = node_validate($edit, $error); + } /* ** Generate a teaser when necessary: @@ -932,7 +944,7 @@ function node_edit($id) { return $output; } -function node_preview($node) { +function node_preview($node, $error = NULL) { if (!user_access("post content")) { return message_access(); @@ -991,7 +1003,7 @@ function node_preview($node) { node_view($view); - return node_form($node); + return node_form($node, $error); } function node_submit($node) { @@ -1002,6 +1014,7 @@ function node_submit($node) { } $context->tid = $tid; + if (user_access("post content", $context)) { /* @@ -1011,6 +1024,14 @@ function node_submit($node) { $node = node_validate($node, $error); /* + ** If something went wrong, go back to the preview form: + */ + + if ($error) { + return node_preview($node, $error); + } + + /* ** Create a new revision when required: */ diff --git a/modules/node/node.module b/modules/node/node.module index 702479db7..e75660f55 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -755,11 +755,20 @@ function node_validate($node, &$error) { } + /* + ** Do node type specific validation checks. + */ + + $function = $node->type ."_validate"; + if (function_exists($function)) { + $node = $function($node, $error); + } + return $node; } -function node_form($edit) { +function node_form($edit, $error = NULL) { /* ** Save the referer. We record where the user came from such that we @@ -772,7 +781,10 @@ function node_form($edit) { ** Validate the node: */ + if (!$error) { + /* Only validate if we don't already know the errors. */ $edit = node_validate($edit, $error); + } /* ** Generate a teaser when necessary: @@ -932,7 +944,7 @@ function node_edit($id) { return $output; } -function node_preview($node) { +function node_preview($node, $error = NULL) { if (!user_access("post content")) { return message_access(); @@ -991,7 +1003,7 @@ function node_preview($node) { node_view($view); - return node_form($node); + return node_form($node, $error); } function node_submit($node) { @@ -1002,6 +1014,7 @@ function node_submit($node) { } $context->tid = $tid; + if (user_access("post content", $context)) { /* @@ -1011,6 +1024,14 @@ function node_submit($node) { $node = node_validate($node, $error); /* + ** If something went wrong, go back to the preview form: + */ + + if ($error) { + return node_preview($node, $error); + } + + /* ** Create a new revision when required: */ |