Open arogachev opened 1 year ago
I see two potential outcomes:
FYI, in symfony such cases generate exceptions not violations (e.g. https://github.com/symfony/validator/blob/6.2/Constraints/BicValidator.php#L69)
I don't think it is a correct behavior since validator is meant to validate data that could be incorrect, not to throw exceptions.
Exceptions should only be thrown if the error is not caused by the user input itself, but it is hard to figure out when this is the case.
Example: String Validator Max Length=30 gets an array. On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here". This somehow ended up in the program so it should be an exception.
But figuring out in which cases to throw an exception or provide validation error is a tricky thing. I'll try to think about possible solutions.
On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here".
If that won't happen, why should we worry?
Example: String Validator Max Length=30 gets an array. On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here". This somehow ended up in the program so it should be an exception.
Two reasons:
1) User pass array instead of string (little hacker 😎). Technial message "please do not enter an array here" is OK.
2) Programmer don't prepare user input… But it's business logic. If programmer want prepare data — let him do it.
In case of "little hacker" it's better to additionally log such request
In case of "little hacker" it's better to additionally log such request
My thoughts for implementation:
1) Add to validation errors property code
with unique code by each error types (uuid ?). It's necessary in order to distinguish specific messages (e. g., message about string is more length).
2) Add to validation errors ability set flags (e. g., "unsupported value type").
3) Create validator decorator, that will be process validation errors and do what the programmer wants (log when has errors "unsuported value type" or something else).
Extracted from https://github.com/yiisoft/validator/issues/492#issuecomment-1422471435. This was discussed before. The topic raised again by @cebe.
Related - #526.