Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
$form_state['input'] is very dangerous, it'd be good to have a method documented explaining that.
Proposed resolution
Remaining tasks
User interface changes
API changes
Commit message.
Issue #2318087 by tim.plunkett, jibran: Replace $form_state['input'] with FormState::getUserInput().
Comment | File | Size | Author |
---|---|---|---|
#8 | interdiff.txt | 20 KB | tim.plunkett |
#8 | form_state-input-2318087-8.patch | 53.92 KB | tim.plunkett |
Comments
Comment #1
tim.plunkettComment #2
jibranWell I love this patch. I am ++ on using
$input = &$form_state->getUserInput();
to set or get the values from the FormStateInterface::$input. And it'll discourage user to use it. I haven't found any objectionable thing while reviewing it. So nothing to fix here.Nice!!!
lol
hanlders
and$form_state[{values']
I am going to let this slide :D
Comment #3
jibranGreen. I'll add it to main change notice.
Comment #4
jibranHere is the update https://www.drupal.org/node/2310411/revisions/view/7513005/7516151
Comment #5
alexpottUsing a method called getUserInput to set user input feels icky. Especially since we have a few
$form_state->set('input,..
around.Not sure if we should be doing it this way.
Comment #7
tim.plunkettFair enough. We should have methods for everything.
Comment #8
tim.plunkettUgh, wrong patch and forgot interdiff.
Comment #10
jibranShould these docs be added to setUserInput as well? Or something similar.
Comment #11
tim.plunkettI don't think additional docs are needed. setUserInput() is not dangerous, since you're saying "this is unfiltered". Only getting the unfiltered values and using them like they're safe is the problem.
Comment #12
casey CreditAttribution: casey commentedWhat about getRawInput()? I think such name better explains what the method returns.
Comment #13
jibranInput is always raw so naming it getRawInput doesn't make sense.
@tim.plunkett thanks for the explanation.
As #5 is addressed so RTBC. Added suggested commit message to issue summary.
Comment #14
webchickCommitted and pushed to 8.x. Thanks!