Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use symfony/validator for as much validation logic as we can throw at it. #193

Closed
3 tasks done
GuySartorelli opened this issue Feb 1, 2024 · 0 comments
Closed
3 tasks done
Assignees
Milestone

Comments

@GuySartorelli
Copy link
Member

GuySartorelli commented Feb 1, 2024

In silverstripe/silverstripe-framework#11123 we added a lightweight wrapper around symfony/validator, which has a ton of validation constraints we can use all over the place if we want to.

Some obvious quick wins:

  • validation of URLs anywhere we're doing that
  • validation of email addresses from forms (i.e. EmailField)
  • validation of email addresses elsewhere (or else use egulias/email-validator validation for everything email related)
  • password strength validation (which checks entropy instead of arbitrary rules)
  • file and image validation (we probably do a lot of custom checks that this can do with less code on our end)
  • locale and language codes (I don't think we currently check those for i18n stuff, but we should)

Because this would represent a change in logic, it could break some things so it needs to either be opt-in where it's applied or just be done in a major release.

Acceptance criteria

  • Compile a list of things where existing logic could be replaced e.g. long regexs (ended up just using the list of constraints as my list of things to check)
  • Use symfony constraints for the easy stuff
  • [ ] Raise new cards for anything that is harder no need
  • For password strength validation (and possibly others, though probably not) - it's still possible to implement their own business logic i.e. disable symfony constraints

Validation applied:

  • URLs
  • Email addresses
  • Ip addresses
  • Passwords

File and image validation would require changing too much code surrounding the validation itself, and locale stuff didn't seem worthwhile.
Most other validation was for things like "not blank" which is trivial to do without relying on symfony (or in the case of RequiredFields our setup is currently too idiosyncratic to rely on something that simple)

CMS 5 PRs

CMS 6 PRs

@GuySartorelli GuySartorelli added this to the Silverstripe CMS 6 milestone Feb 1, 2024
@GuySartorelli GuySartorelli self-assigned this Sep 18, 2024
@GuySartorelli GuySartorelli removed their assignment Sep 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants