newhck / php-form-builder-class

Automatically exported from code.google.com/p/php-form-builder-class
GNU General Public License v3.0
0 stars 0 forks source link

[SECURITY] The validation of the field "file" does not work when the name attribute is array syntax #162

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hello,
Here is an example of code that does not work with validation

$form->addElement(new PFBC\Element\File('Photo(s)', 'files[]', 
array('description'=>'Add some photos.', 'multiple'=>'multiple', 
'required'=>1)));  

If the field is blank, the form is still sent though the field is required.

Can you fix this gaping security hole.
Thank you

P.S. I use pfbc2.3-php5.3

Original issue reported on code.google.com by pierrehe...@gmail.com on 7 Mar 2012 at 3:54

GoogleCodeExporter commented 8 years ago
Thanks for the feedback.  r558 should fix this bug - 
http://code.google.com/p/php-form-builder-class/source/detail?r=558

- Andrew

Original comment by ajporterfield@gmail.com on 12 Mar 2012 at 1:41