Fixed Required custom fields can be skipped on registration

Jake Bunce

XenForo moderator
Staff member
#1
Confirmed in 1.1.3

Per this post:

http://xenforo.com/community/threads/my-forums-getting-lots-of-spam.35195/page-22#post-446388

If a required field is not submitted with the form then the controller does not check the value and allows it to pass despite it being required. This is mostly a problem for bots.

Here is a quick code fix:

XenForo_ControllerPublic_Register::actionRegister

Add the red code:

Code:
		$writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
		$writer->set('language_id', XenForo_Visitor::getInstance()->get('language_id'));

		$customFields = $this->_input->filterSingle('custom_fields', XenForo_Input::ARRAY_SIMPLE);
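		// Original line, commented out: the list of shown fields was read from the submitted form.
		// $customFieldsShown = $this->_input->filterSingle('custom_fields_shown', XenForo_Input::STRING, array('array' => true));
		// Added lines: build the list from the fields configured to show on registration.
		$customFieldsShown = array_keys(
			$this->_getFieldModel()->getUserFields(array('registration' => true))
		);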
		$writer->setCustomFields($customFields, $customFieldsShown);

		$writer->advanceRegistrationUserState();
		$writer->preSave();

		if ($options->get('registrationSetup', 'requireDob'))
		{
			// dob required
			if (!$data['dob_day'] || !$data['dob_month'] || !$data['dob_year'])
			{
				$writer->error(new XenForo_Phrase('please_enter_valid_date_of_birth'), 'dob');
			}

Now $customFieldsShown is set to the fields that should have been shown. That ensures those fields are processed, and an error is thrown if a required field is omitted.
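
Added example, not part of the original post and not XenForo code: a stand-alone PHP sketch of the same check, run once with the list of fields to validate taken from the request and once with it derived from server-side definitions. The function name, field IDs and sample request are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not XenForo code. All names below are hypothetical.

// Constructed sample: server-side definitions of the fields shown on registration.
$registrationFields = [
    'referrer'    => ['required' => false],
    'human_check' => ['required' => true],
];

/**
 * Return the IDs of required fields that are missing or empty, looking only
 * at the field IDs listed in $fieldsToCheck. Only text fields are modelled.
 */
function missingRequiredFields(array $definitions, array $submitted, array $fieldsToCheck): array
{
    $missing = [];
    foreach ($fieldsToCheck as $fieldId) {
        if (!isset($definitions[$fieldId])) {
            continue; // unknown field ID: nothing to enforce
        }
        $value = $submitted[$fieldId] ?? '';
        $empty = !is_string($value) || trim($value) === '';
        if ($definitions[$fieldId]['required'] && $empty) {
            $missing[] = $fieldId;
        }
    }
    return $missing;
}

// Constructed request body: the required field and the "shown" list are both absent.
$post = ['custom_fields' => ['referrer' => 'search engine']];

// Before: the list of fields to validate comes from the request itself,
// so an absent list means no required field is ever checked.
$shownFromClient = $post['custom_fields_shown'] ?? [];
$before = missingRequiredFields($registrationFields, $post['custom_fields'], $shownFromClient);

// After: the list comes from the server's own field definitions,
// so the omitted required field is reported regardless of what was posted.
$shownFromServer = array_keys($registrationFields);
$after = missingRequiredFields($registrationFields, $post['custom_fields'], $shownFromServer);

echo 'before: ', json_encode($before), PHP_EOL;
echo 'after:  ', json_encode($after), PHP_EOL;
```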