JocelynDelalande / wifi-with-me

MOVED →
https://code.ffdn.org/ffdn/wifi-with-me
Do What The F*ck You Want To Public License

[Security] Form validation is missing #3

Closed TheCapsLock closed 9 years ago

TheCapsLock commented 9 years ago

If you manipulate DOM inputs to change their types, you are able to submit the form.

There are no checks, and an attempt to save them to the database results in an Internal Server Error.

Example: change number fields to text ones and enter any non-number data to reproduce this.
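
An added example, not part of the original issue or the project's code: a server-side check in Python that treats every submitted value as an untrusted string, whatever the HTML input type was, and answers with a 400 and per-field errors instead of letting the database raise. The field names, ranges and the `handle_post` helper are assumptions for illustration.

```python
import math

# Hypothetical schema: field name -> (type, min, max). The names are
# assumptions for illustration, not the project's real form fields.
SCHEMA = {
    "latitude": (float, -90.0, 90.0),
    "longitude": (float, -180.0, 180.0),
    "floor": (int, -5, 200),
}


def validate_submission(form):
    """Validate raw form strings server-side; return (cleaned, errors).

    The HTML input type is never trusted: every value arrives as a
    string that any client can set freely.
    """
    cleaned, errors = {}, {}
    for name, (kind, low, high) in SCHEMA.items():
        raw = form.get(name)
        if not isinstance(raw, str) or not raw.strip():
            errors[name] = "required"
            continue
        if len(raw) > 32:
            errors[name] = "too long"
            continue
        try:
            value = kind(raw.strip())
        except ValueError:
            errors[name] = "not a number"
            continue
        # float() accepts "nan" and "inf", which would pass a type check
        # but are not valid values to store.
        if kind is float and not math.isfinite(value):
            errors[name] = "not a finite number"
            continue
        if not low <= value <= high:
            errors[name] = "out of range"
            continue
        cleaned[name] = value
    return cleaned, errors


def handle_post(form):
    """Return (status, body): 400 with field errors, never a 500."""
    cleaned, errors = validate_submission(form)
    if errors:
        return 400, {"errors": errors}
    return 200, {"saved": cleaned}
```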

JocelynDelalande commented 9 years ago

@TheCapsLock Thanks! Speaking with @opi, we don't see a major security improvement in doing the same check as the db types before. But opi improved some validations (phone number).

At this point, we don't consider this issue as a security one, but as a « UI & comfort » issue (returning a better error than 500), but we are open to more input to review our opinion.

JocelynDelalande commented 9 years ago

Closing: no answer, and some validation (not extensive, though) has been added meanwhile.