Fixed Required custom fields can be skipped on registration

Jake Bunce

XenForo moderator
Staff member
Confirmed in 1.1.3

Per this post:

http://xenforo.com/community/threads/my-forums-getting-lots-of-spam.35195/page-22#post-446388

If a required field is not submitted with the form then the controller does not check the value and allows it to pass despite it being required. This is mostly a problem for bots.

Here is a quick code fix:

XenForo_ControllerPublic_Register::actionRegister

Add the red code:

Rich (BB code):
		$writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
		$writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));

		$customFields = $this->_input->filterSingle('custom_fields', XenForo_Input::ARRAY_SIMPLE);
		// $customFieldsShown = $this->_input->filterSingle('custom_fields_shown', XenForo_Input::STRING, array('array' => true));
		$customFieldsShown = array_keys(
			$this->_getFieldModel()->getUserFields(array('registration' => true))
		);
		$writer->setCustomFields($customFields, $customFieldsShown);

		$writer->advanceRegistrationUserState();
		$writer->preSave();

		if ($options->get('registrationSetup', 'requireDob'))
		{
			// dob required
			if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year'])
			{
				$writer->error(new XenForo_Phrase('please_enter_valid_date_of_birth'), 'dob');
			}
Now $customFieldsShown is set to the fields that should have been shown. That ensures those fields are processed, and an error is thrown if a required field is omitted.
 
Top