From 712dcb0aac9f704cb8474e5d73550d5a8a593ca6 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 2 Aug 2024 09:04:34 +0900 Subject: [PATCH 1/4] docs: add warning for In-Model Validation --- user_guide_src/source/models/model.rst | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst index c77e68cb81b8..05323bfba49b 100644 --- a/user_guide_src/source/models/model.rst +++ b/user_guide_src/source/models/model.rst @@ -649,11 +649,14 @@ Cleans out the database table by permanently removing all rows that have 'delete In-Model Validation =================== +.. warning:: In-Model validation is performed just before data is stored in the + database. Prior to that point, the data has not yet been validated. Processing + user-input data prior to validation may introduce vulnerabilities. + Validating Data --------------- -For many people, validating data in the model is the preferred way to ensure the data is kept to a single -standard, without duplicating code. The Model class provides a way to automatically have all data validated +The Model class provides a way to automatically have all data validated prior to saving to the database with the ``insert()``, ``update()``, or ``save()`` methods. .. important:: When you update data, by default, the validation in the model class only From 9e90c2e7bef0606347fc517bb11bee0303cb87d7 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 2 Aug 2024 09:12:39 +0900 Subject: [PATCH 2/4] docs: add link to "Saving Sets of Validation Rules to the Config File" --- user_guide_src/source/libraries/validation.rst | 2 ++ user_guide_src/source/models/model.rst | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/libraries/validation.rst b/user_guide_src/source/libraries/validation.rst index 7b87954653e1..71d82deff694 100644 --- a/user_guide_src/source/libraries/validation.rst 
+++ b/user_guide_src/source/libraries/validation.rst @@ -476,6 +476,8 @@ the validation rules. .. literalinclude:: validation/045.php :lines: 2- +.. _saving-validation-rules-to-config-file: + Saving Sets of Validation Rules to the Config File ================================================== diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst index 05323bfba49b..b4b143db8ae1 100644 --- a/user_guide_src/source/models/model.rst +++ b/user_guide_src/source/models/model.rst @@ -679,8 +679,10 @@ be applied. If you have custom error message that you want to use, place them in .. literalinclude:: model/027.php -If you'd rather organize your rules and error messages within the Validation configuration file, you can do that -and simply set `$validationRules`_ to the name of the validation rule group you created: +If you'd rather organize your rules and error messages within the +:ref:`Validation Config File `, you can +do that and simply set `$validationRules`_ to the name of the validation rule +group you created: .. literalinclude:: model/034.php From 7938cf3347f598372c8afe4f164e9e7ba19d6b84 Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 2 Aug 2024 09:17:56 +0900 Subject: [PATCH 3/4] docs: add in-page links --- user_guide_src/source/models/model.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst index b4b143db8ae1..1c99b06dc843 100644 --- a/user_guide_src/source/models/model.rst +++ b/user_guide_src/source/models/model.rst 
@@ -243,13 +243,13 @@ $validationRules Contains either an array of validation rules as described in :ref:`validation-array` or a string containing the name of a validation group, as described in the same section. -Described in more detail below. +See also :ref:`model-setting-validation-rules`. $validationMessages ^^^^^^^^^^^^^^^^^^^ Contains an array of custom error messages that should be used during validation, as -described in :ref:`validation-custom-errors`. Described in more detail below. +described in :ref:`validation-custom-errors`. See also :ref:`model-setting-validation-rules`. $skipValidation ^^^^^^^^^^^^^^^ @@ -671,6 +671,8 @@ prior to saving to the database with the ``insert()``, ``update()``, or ``save() To avoid such glitches, this behavior can be changed by configuration. See :ref:`clean-validation-rules` for details. +.. _model-setting-validation-rules: + Setting Validation Rules ------------------------ From 0630332b61c8581bbc7edf135e58bcd47918675f Mon Sep 17 00:00:00 2001 From: kenjis Date: Fri, 2 Aug 2024 09:35:11 +0900 Subject: [PATCH 4/4] docs: add link to list of validation rules --- user_guide_src/source/libraries/validation.rst | 2 ++ user_guide_src/source/models/model.rst | 8 ++++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/user_guide_src/source/libraries/validation.rst b/user_guide_src/source/libraries/validation.rst index 71d82deff694..048449580422 100644 --- a/user_guide_src/source/libraries/validation.rst +++ b/user_guide_src/source/libraries/validation.rst @@ -877,6 +877,8 @@ Or you can use the following parameters: .. literalinclude:: validation/047.php :lines: 2- +.. _validation-available-rules: + *************** Available Rules *************** diff --git a/user_guide_src/source/models/model.rst b/user_guide_src/source/models/model.rst index 1c99b06dc843..e8186487f9e6 100644 --- a/user_guide_src/source/models/model.rst +++ b/user_guide_src/source/models/model.rst 
@@ -676,8 +676,12 @@ prior to saving to the database with the ``insert()``, ``update()``, or ``save() Setting Validation Rules ------------------------ -The first step is to fill out the `$validationRules`_ class property with the fields and rules that should -be applied. If you have custom error message that you want to use, place them in the `$validationMessages`_ array: +The first step is to fill out the `$validationRules`_ class property with the +fields and rules that should be applied. + +.. note:: You can see the list of built-in Validation rules in :ref:`validation-available-rules`. + +If you have custom error message that you want to use, place them in the `$validationMessages`_ array: .. literalinclude:: model/027.php
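Review bot: in PATCH 1/4 (models/model.rst, hunk ``@@ -649,11 +649,14 @@``), the new warning names the risk but gives the reader nothing to act on. It says the data is unvalidated until just before it is stored, but not what to do when user input has to be used before that point. Suggest a closing sentence that tells readers to validate such input themselves before processing it, with a link to the Validation library page (libraries/validation.rst), so the warning points to a mitigation. Minor: "In-Model validation" in the warning body does not match the heading's capitalization, "In-Model Validation".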
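Review bot: in PATCH 2/4 (models/model.rst, hunk ``@@ -679,8 +679,10 @@``), the added role reads ``:ref:`Validation Config File ``` with link text but no ``<label>`` target as it appears here. Without the target, Sphinx treats the whole string as the label name and the reference will not resolve. It should point at the label this same patch adds in libraries/validation.rst, that is ``:ref:`Validation Config File <saving-validation-rules-to-config-file>```. Please confirm that the docs build reports no undefined-label warning for this line.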
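Review bot: in PATCH 4/4 (models/model.rst, hunk ``@@ -676,8 +676,12 @@``), the re-added last line still carries the grammar slip "If you have custom error message that you want to use". Since the line is being touched anyway, change it to "custom error messages". The same line and the new ``.. note::`` line are left unwrapped while the paragraph just above them was re-wrapped in this hunk. Wrapping them to the same width would keep the source consistent.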