1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Fixed Required custom fields can be skipped on registration

Discussion in 'Resolved Bug Reports' started by Jake Bunce, Nov 23, 2012.

  1. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Confirmed in 1.1.3

    Per this post:


    If a required field is not submitted with the form then the controller does not check the value and allows it to pass despite it being required. This is mostly a problem for bots.

    Here is a quick code fix:


    Add the red code:

    		$writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
    		$writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));
    		$customFields = $this->_input->filterSingle('custom_fields', XenForo_Input::ARRAY_SIMPLE);
    		// $customFieldsShown = $this->_input->filterSingle('custom_fields_shown', XenForo_Input::STRING, array('array' => true));
    		$customFieldsShown = array_keys(
    			$this->_getFieldModel()->getUserFields(array('registration' => true))
    		$writer->setCustomFields($customFields, $customFieldsShown);
    		if ($options->get('registrationSetup', 'requireDob'))
    			// dob required
    			if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year'])
    				$writer->error(new XenForo_Phrase('please_enter_valid_date_of_birth'), 'dob');
    Now $customFieldsShown is set to the fields that should have been shown. That ensures those fields are processed, and an error is thrown if a required field is omitted.
  2. Mike

    Mike XenForo Developer Staff Member

    Fixed, good catch. :)
    Slavik likes this.

Share This Page