Skip to content

[DataManager] Add validation for input fields#152

Open
PhilVanB wants to merge 6 commits intomasterfrom
feature/input-validation
Open

[DataManager] Add validation for input fields#152
PhilVanB wants to merge 6 commits intomasterfrom
feature/input-validation

Conversation

@PhilVanB
Copy link
Contributor

@PhilVanB PhilVanB commented Feb 11, 2026
edited
Loading

Adds a validation for all input fields with the following regex: ^[\p{L}0-9_\-\s@]*$

Can be overwritten selectively by adding the pattern attribute to the digitizer's yaml configuration:

-
   type: input
   title: E-Mail
   name: email
   css: { width: 40% }
   attr:
       pattern: '^[\p{L}0-9_\-\s@]*$'

pattern attribute existed before, see: https://doc.mapbender.org/en/elements/editing/digitizer/digitizer_configuration.html#customization-by-attr-object-definitions

Phocacius
Phocacius requested changes Feb 12, 2026
View reviewed changes
src/Mapbender/DataManagerBundle/Resources/public/FormRenderer.js Outdated
var digitizer = $('.mb-element-digitizer').data('mapbenderMbDigitizer');
var regexPattern = (settings.hasOwnProperty('pattern')) ? settings.pattern : digitizer.options.regexPattern;
if (!$input.attr('pattern')) {
$input.attr('pattern', regexPattern);
Copy link
Member

@Phocacius Phocacius Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This results in a misleading error message being shown when the regex validates incorrectly

Image

Also, since the JS regex parser does not allow \p{L} (see mapbender/mapbender#1824 (review)) maybe it's after all best to just use serverside validation. This would also avoid the problem of having to get the digitizer/datamanager data above.

Copy link
Contributor Author

@PhilVanB PhilVanB Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the client side validation.

src/Mapbender/DataManagerBundle/Resources/public/FormRenderer.js Outdated
.attr('name', settings.name || null)
.addClass('form-control')
;
var digitizer = $('.mb-element-digitizer').data('mapbenderMbDigitizer');
Copy link
Member

@Phocacius Phocacius Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should also work for pure DataManagers that don't use the Digitizer and therefore does not have mapbenderMbDigitizer set

Copy link
Contributor Author

@PhilVanB PhilVanB Feb 12, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

client side validation removed, see above

src/Mapbender/DataManagerBundle/Component/HttpHandler.php Outdated
Comment on lines 193 to 213
protected function validateInputData($elementConfig, $schemaConfig)
{
$regexPattern = $elementConfig['regexPattern'];
$this->iterateFormItems($schemaConfig['formItems'], $regexPattern);
}

protected function iterateFormItems($formItems, $regexPattern)
{
foreach ($formItems as $formItem) {
if (array_key_exists('children', $formItem)) {
$this->iterateFormItems($formItem['children'], $regexPattern);
} else {
if (array_key_exists('name', $formItem)) {
$pattern = (array_key_exists('pattern', $formItem)) ? $formItem['pattern'] : $regexPattern;
if (!preg_match('/' . $pattern . '/', $formItem['name'])) {
throw new BadRequestHttpException('api.query.error-invalid-data');
}
}
}
}
}
Copy link
Member

@Phocacius Phocacius Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the server side validation does not seem to work. When I remove the pattern attribute, I can still save any string even though it does not match the pattern.

Copy link
Contributor Author

@PhilVanB PhilVanB Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@PhilVanB
Copy link
Contributor Author

PhilVanB commented Feb 12, 2026

@Phocacius
When u test again, make sure to delete your current digitizer and configure a new one.
Else the old default regex ^[a-zA-Z0-9_\-\s]*$ will not be replaced by the new one ^[\p{L}0-9_\-\s]*$ in the database.

@PhilVanB PhilVanB requested a review from Phocacius February 12, 2026 13:29
@astroidex astroidex mentioned this pull request Feb 12, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@astroidex astroidex Awaiting requested review from astroidex

@Phocacius Phocacius Awaiting requested review from Phocacius

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PhilVanB @Phocacius