New 'behavior.inputLimitTest' for checks the setting of php max_input_vars#7581
New 'behavior.inputLimitTest' for checks the setting of php max_input_vars#7581Fedik wants to merge 8 commits intojoomla:stagingfrom
Conversation
|
I like it 👍 |
|
But this will not work with 3pd extensions will it? On 29 July 2015 at 18:36, Dimitris Grammatiko notifications@github.com
Brian Teeman |
There was a problem hiding this comment.
"... website is close.."
There was a problem hiding this comment.
thanks!
I thought about ... and current form is close to that limit or has reached ..., what you think?
|
I prefer the original plugin approach of having both a warning and a fail message. |
|
@brianteeman 3pd extension developer need just add |
|
I have tested this and can confirm that it works BUT I really dont like that we just have one message that covers approaching the limit and being over the limit which is always a warning box. People ignore warnings. My 2c is that this really needs to have separate warning and error messages |
|
Looking into this a little further after some previous comments we should probably also check suhosin.request.max_vars and 'suhosin.post.max_vars AND if we are ABOVE the limit then with the approach you are using it would be best if we quit the submit form and redirect to the manager view and displayed the error message. Perhaps with
|
|
About these two strings, they are big and difference only 2-3 word, so I thought maybe more simple/efficient use the one common string 😉 About
if need we can prevent the form submission for specific tasks (save, apply), what you mean with |
|
This is the scenario. open a new module for editing This prevents you from entering data that will be lost. |
|
hm hm, I just realised that make redirect even more complicated in realisation, so maybe we just display another error when user push save/apply? |
|
The message should get displayed as messages are queued. Something like this code should work
|
|
Also just realised that because this is in the view you will need to update the hathor template overrides as well |
|
@brianteeman but we do all thing on the client side, where no PHP 😉 |
|
Then I would suggest it is not the right approach ;) (very many php applications do it in their own applications) |
|
well, I will try add some changes for prevent form submission, then we'll see 😉 |
|
Have a look at this code from prestashop - should help |
|
thanks! |
I wouldn't force a redirect. It would prevent sending the form, yes. But it would also prevent just reading what is there. Personally, I would have preferred it to be in the submitform, submitbutton or formvalidate code somewhere, since that would work for any form from any extensions without adding specific code. But it would only work after the user entered the data and tried to save. Which is indeed not optimal. However it would allow to prevent sending the data and actually loose it. |
|
ok, so last changes:
|
|
Hello i am also using code to detect max_input_vars limitation (and suhosin limitations) and if found then serialize the form and submit it via AJAX (it works if form does not have file fields) i am using this in various forms, modules and in component configuration (com_config) about this plugin, it is very good idea just i want to note that using form.length to estimate the form fields does not exclude the
also
this way the form's real size is over estimated and can be quite wrong, and it will prevent submiting and saving forms that can be saved |
|
if you would use jQuery this should give a better count (it will over-estimate by 5% or less) |
|
We just implemented an alert and prevent edit an ini file if more lines than max_input_vars in com_localise. I am interested in your Ajax method. |
|
Hi, i believe i will have spare time at end of this week this can be optionally enabled (e.g. form must add a CSS class to the <form class="jsubmit_doserialize ...") and if JS code detects need it will fallback to serialized submit Note there is related code with this
|
|
@infograf768 |
|
@ggppdk the PR would be great for core - then it wont be needed in com_localise either This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7581. |
|
@brianteeman Combination of
http://php.net/manual/en/function.parse-str.php so i am using
I did not have a case to fail so far, but the code is 2 years old and i would like to search if some solution is now available, that is better than mine |
|
@ggppdk thanks - looking forward to it. This is becoming more of an issue as extensions become more complex and sites become larger This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/7581. |
|
In regards to my comment above, about ACL permissions
thus some forms become much smaller i see the merged pull request too ... i had seen before but i forgot of it |
|
Ok i have written new code, that is much cleaner code and tested it with recursive array_diff on my old method now i need to find the best place to add / make the check if
For proper compatibility we will need to also set the variable back into both $_REQUEST and $_POST (without any filtering of course because this is supposed not to have been filtered, that is a job done by validation) Please look at the constructor of JInput should we check and do the decompresision (once) at just before line ?: |
|
Sorry I have no idea Best thing to do is to try one option and submit as a pull request. (it Brian Teeman |
|
About JS serialization code, which also does other things too, like disable the serialized fields and provide way to restore form if submit is done via AJAX ...
(placement for my custom code is different, since i full override joomla validation, and do custom, that is not the case here, so placing it must be done differently) Also concern is to work with 3rd party extensions too, for Joomla forms there should not be any issue I see that for best compatibility now forms are submited
thus we can not call the serialization code from Joomla.submitform() need to run it by listening to on-submit event and also make sure that it runs after at least the 2 validation functions
** OF course if form validation fails no serialization is done (YET) ** i think to do serialization only if html5fallback.js is loaded, if not loaded then not do anything !
any ideas are welcome anyway you can wait for new PR and suggest moving the code elswhere |
|
@ggppdk are you going to submit a PR - this is becoming more and more important |
|
I am sorry for not submiting such a PR already Yes i can do it, i will make a PR please give a week, i ll find time to do it please note that JS code (client) is using jQuery |
|
i have opened an open issue here: so that this work is not neglected |
Here is another way to check
max_input_varswith better precision, at least in theory 😄The script compare amount of form inputs with server limit.
Currently I added it to the form: article, category, module, menu item, global configuration, plugin, user.
test
Simplest way to test is to create the hundred(or two)
usergroups and try open one of mentioned above form.Original idea by @brianteeman #7456
The text for Warning I copied from that pull, with small modification ... @brianteeman please check 😉
I think, in the warning message instead of
your websiteneed something more precision , likecurrent form(because script do test per the form) ... but not sure how to make it correct.