Fixed Required custom fields can be skipped on registration

Jake Bunce

XenForo moderator
Staff member
Confirmed in 1.1.3

Per this post:

If a required field is not submitted with the form then the controller does not check the value and allows it to pass despite it being required. This is mostly a problem for bots.

Here is a quick code fix:


Add the red code:

Rich (BB code):
		$writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
		$writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));

		$customFields = $this->_input->filterSingle('custom_fields', XenForo_Input::ARRAY_SIMPLE);
		// $customFieldsShown = $this->_input->filterSingle('custom_fields_shown', XenForo_Input::STRING, array('array' => true));
		$customFieldsShown = array_keys(
			$this->_getFieldModel()->getUserFields(array('registration' => true))
		$writer->setCustomFields($customFields, $customFieldsShown);


		if ($options->get('registrationSetup', 'requireDob'))
			// dob required
			if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year'])
				$writer->error(new XenForo_Phrase('please_enter_valid_date_of_birth'), 'dob');
Now $customFieldsShown is set to the fields that should have been shown. That ensures those fields are processed, and an error is thrown if a required field is omitted.