Open OrdinaryJellyfish opened 5 years ago
Thanks for the report!
We just need to start trimming (i.e. sanitizing) certain inputs when they come in - the existing validation will then kick in.
Can I work on this?
@Stevo99 sure, thanks!
@Stevo99 that's very kind Steven, if there's anything we can assist with feel free to ask here or chat us up in the #internals channel on discord http://flarum.org/discord/
I'm finding it really difficult to start a dev setup on my machine. Not really a PHP developer, however I'm sure if I can get the dev setup running I can definitely fix the issue. So sorry it's taking me a while. I'm not giving up, just figured I would let you know where I'm at.
@Stevo99 what OS do you use? Maybe we can give you a few pointers?
So I use Windows 10. Appreciate any help you can give me. I installed Ubuntu Linux, Apache, PHP, and Composer. I just need to install MySQL and then I can try to follow the dev setup guide in Flarum Docs.
@Stevo99
@Stevo99 are you still going to do this?
Yeah, I'm gonna finish setting up my developer environment then try to fix this issue. If I have any more problems I will let you know. Thanks for getting back to me with some info!
How/when would we want to trim inputs? Laravel uses middleware to achieve this, which is probably the best way to approach this. We'd need to make sure extensions can add exceptions to the trimming, though (like password & password confirmation).
I'd even be open for explicit trimming where we want it, instead of whitelist, exceptions or some form of magic / guessing.
@datitisev Wouldn't it be better to set empty inputs to null and then check to make sure the input isn't null before accepting the content? Something like https://github.com/laravel/framework/blob/5.7/src/Illuminate/Foundation/Http/Middleware/ConvertEmptyStringsToNull.php
@tankerkiller125 That's part of the code I looked at before sending that comment. Both would be a better option, rather than just one. (two spaces vs one)
Is this being worked on? I can still reproduce in Beta 13.
@davwheat I don't believe any of our core devs currently are, but we are definitely open to PRs!
I can definitely do the middleware, but how would we go about letting extensions/core inputs add exceptions? Or is there another way, such as adding in a string filtering system (which would allow explicitly defined input trimming, but would also be a pretty big addition)?
By trimming, do we want to trim off start/end whitespace from strings with some sort of recursive iteration through POST data, or just discard empty inputs as null? @flarum/core
If we're going to implement a middleware for this, I'd say we use exactly what Laravel uses. I think we would just need to re-implement Laravel's middleware into a Zend middleware or something like that.
Though for this exact issue, we could just use the Eloquent setter to trim the incoming value. The validator works from the Eloquent model data, so we can just apply changes when setting the values and this will automatically be validated. And I think with this solution extensions could hack into Eloquent's events if needed. And they can just define a different setter on custom post types.
Bug Report
Current Behavior
Typing nothing but spaces in the discussion composer is accepted as proper content by Flarum.
Steps to Reproduce
Expected Behavior
I expected the composer to throw an error letting me know that such content is not accepted.
Screenshots
No screenshots, but you can see it here: https://discuss.flarum.org/d/19485-blank-content
Environment
Possible Solution
Check the post content and make sure it isn't nothing but spaces (or something like that).
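The input handling discussed in this thread (recursive trimming of request data, empty strings converted to null, and an exception list for fields such as passwords), shown as an added example; it is not Flarum's or Laravel's code. The function name `trimInput`, the dotted-path exception format and the sample request body are assumptions made for illustration, and the function is the transformation a middleware or a model setter would call before the existing validation runs.

```php
<?php
// Added example: not Flarum or Laravel code. Names and sample data are hypothetical.

/**
 * Recursively trim string values in parsed request data.
 * Keys listed in $except (dotted paths) are left untouched.
 * Strings that are empty after trimming become null, so a "required"
 * validation rule rejects whitespace-only input.
 */
function trimInput(array $data, array $except = [], string $prefix = ''): array
{
    foreach ($data as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;

        if (in_array($path, $except, true)) {
            continue; // e.g. passwords, where surrounding spaces may be intentional
        }

        if (is_array($value)) {
            $data[$key] = trimInput($value, $except, $path);
        } elseif (is_string($value)) {
            // \p{Z} also covers non-ASCII separators such as the no-break space,
            // which plain trim() leaves in place.
            $trimmed = preg_replace('/^[\s\p{Z}]+|[\s\p{Z}]+$/u', '', $value);
            // preg_replace returns null on invalid UTF-8; fall back to ASCII trim.
            $trimmed = $trimmed ?? trim($value);
            $data[$key] = $trimmed === '' ? null : $trimmed;
        }
    }

    return $data;
}

// Constructed sample body in a JSON:API-like shape.
$body = [
    'data' => [
        'type' => 'discussions',
        'attributes' => [
            'title'    => '  Blank content  ',
            'content'  => "   \u{00A0} \n",      // spaces, a no-break space, a newline
            'password' => ' keep my spaces ',
        ],
    ],
];

$clean = trimInput($body, ['data.attributes.password']);
var_dump($clean['data']['attributes']);
```

A whitespace-only `content` value comes out as null here, which is what lets the existing validation reject the post without a separate "only spaces" check.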