vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Verifying fields in the API Classess (https://vborg.vbsupport.ru/showthread.php?t=82966)

VBCoder 06-12-2005 05:12 PM
Verifying fields in the API Classess
 
Taking a look through the API, I see that when set()ing, you can choose whether to verify or not.

Two questions:
1) How does vB verify? I can't find the code to do it. I see all these references to VF_METHOD, but can't figure out what that is.

2) If you don't verify, and put in bad data, what happens? Does vB try to roll with it, and do as much as it can? Does it crash? Or, does it corrupt the database?

VBCoder 06-15-2005 02:04 AM
As I haven't gotten a response, I'm assuming that my post lacked enough details to be clear. Please let me know what other information I need to add.

Andreas 06-15-2005 04:01 AM
Quote:
Originally Posted by class_dm.php
FIELD 2 (VF_CODE) - This contains code to be executed as a lamda function called as 'function($data, $this)'.
Alternatively, the value can be VF_METHOD, in which case, $this->verify_{$fieldname} will be called.
In other words:
If this is set to VF_METHOD, a function verfiy_fieldname will be used to verify this field - or the function specified (FIELD 3, VF_METHODNAME).

If you don't verify, the data may be garbage (for examle 'c:\winnt' set as email in User Datamanager).

VBCoder 06-15-2005 04:12 AM
Thanks, Kirbs - you hit the nail on the head.
Quote:
If you don't verify, the data may be garbage (for examle 'c:\winnt' set as email in User Datamanager).
Is there any prediction what happens in these cases (will the error be caught before corrupting the whole forum db?)?

Andreas 06-15-2005 04:28 AM
I think if there are no further checks in presave(), the data will just be written to the database.
At least this is how the User Datamanager behaves (with c:\winnt as eMail).

This might cause inconsistent data.
However, it should not cause mySQL-Errors.
But if you also set clean to false, the datatype will not be checked - and you might run into mySQL Errors and SQL injection vulnerbilities.


All times are GMT. The time now is 04:37 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02805 seconds
  • Memory Usage 1,724KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete