Closed msbit closed 7 years ago
No rush on this one, I just noticed it when we had accidentally duplicated the password field on our submission form, so I'd managed to POST an empty password.
I feel like there might be a more Craft like way to do this? e.g.
throw new HttpException(400, Craft::t('Error here'));
..that seems to be what BaseController.php
does...might be good to follow that?
@bossanova808 that would definitely clean that up :)
Might be a bit odd for the expected JSON response in the AJAX case, but I'll take a look.
I'd dust wrap this in an is ajax thingy, return json if it is, otherwise this....
Just means that the AJAX would return a 200, so errors get handled in the success
handler on the browser. This is exactly what BaseController::returnErrorJson
does though, so maybe this is more idiomatic Craft.
That is, apparently, indeed the Craft way - in a bunch of other plugins they don't set the 400, they just returnErrorJson. I have always interprested it that the success/error stuff was about the ajax call (i..e no server errors), and the result handling was always handled therefore in success. But I am absoltuely no ajax expert, that's just the pattern I have noticed (and I only noticed it because it was confusing!)
See, even that comment is confusing!
Ha, the crazy world of interop :)
I'll get rid of the manual 400 setting and squash commits. Should get a chance later this afternoon.
Okay, there you go, cleaned about as much as it can be.
Thanks @bossanova808 👍
Check for existence of password in POST vars for
actionSaveRegistrationDetails
and return a 400 with error if not found.