search

crisu83 / yiistrap

Twitter Bootstrap for the Yii PHP framework.
http://www.getyiistrap.com
BSD 3-Clause "New" or "Revised" License
286 stars 176 forks source link

TbActiveForm incorrect handling of clientValidation. #307

Closed SamMousa closed 8 years ago

SamMousa commented 9 years ago

Code snippet from CActiveForm::error()

    $validators=isset($htmlOptions['clientValidation']) ? array($htmlOptions['clientValidation']) : array();
    unset($htmlOptions['clientValidation']);

TbActiveForm replaces this with:

    $validators = TbArray::getValue('clientValidation', $htmlOptions, array());

This is wrong for several reasons:

  1. The clientValidation key is not removed from the options array.
  2. CActiveForm expects a string value, TbActiveForm expects an array.

Currently this means that you cannot pass in a custom clientValidation key; if you pass a string TbActiveForm tries to implode it which will fail. If you pass an array it gets passed to TbHtml which will attempt to render it as a normal attribute (thus calling htmlspecialchars on an array).

Issue 1 can be solved by using TbArray::popValue. Issue 2 can be solved by checking the type of the "clientValidation" key.

SamMousa commented 8 years ago

Fix was merged.