Rob Posted November 29, 2011 Share Posted November 29, 2011 I've been developing an Inpuitfield/Fieldtype combo that allows me to input multiple sets of data, and I'm using JQuery to add another "set" of data into the form markup but I've run into a problem becasue I'm using multi-deimnesional array names for the form fields. This doesn't get processed correctly by PW and when I look at the WireInput class it mentions only allowing single-dimensional arrays. Is there a good reason for this? Multi-dimensional arrays in forms are pretty useful and I can't work out (off the top of my head) why this would be restricted in this way. For example: <input name="fieldname[phonenumber][] /> <input name="fieldname[phonenumber][] /> This will return an empty array for the field value in the WireInput instance passed into ___ProcessInput() method. Is there a specific reason? I can manage by directly accessing the POST array, but it'd be nicer to use a native PW approach. Link to comment Share on other sites More sharing options...
Rob Posted November 29, 2011 Author Share Posted November 29, 2011 If I make WireInputData::cleanarray() recursive by removing the check for array line and then adding this... If(is_array($value)) return $this->cleanarray($value); ...then I get the result I would expect. Is this behaviour likely to damage other parts of the system? Link to comment Share on other sites More sharing options...
Rob Posted November 29, 2011 Author Share Posted November 29, 2011 My bad - that code isn't fully recursive, but it certainly allows me to have an extra dimension in my field name arrays. I'm sure I'll get told shortly why this isn't a good idea!! Link to comment Share on other sites More sharing options...
Rob Posted November 29, 2011 Author Share Posted November 29, 2011 Code mistake again!! In fact, all I had to do was remove the code that checks for an array and returns (thus not allowing multi-dimensional arrays) and I now get the behaviour I would expect. This brings me back to the question - why disallow this behaviour? Link to comment Share on other sites More sharing options...
Soma Posted November 30, 2011 Share Posted November 30, 2011 I can't speak for Ryan, and I'm not sure. I guess it's to simplify things on not have endless dimensional for sake of the change tracking? Anyhow, can't you just use $_POST $_GET? Or are you really needing processInput? On a side note: Why doing quadruple posts? Please use the edit button to add things. Thanks Link to comment Share on other sites More sharing options...
ryan Posted November 30, 2011 Share Posted November 30, 2011 The main reason it's not there is just because $input is another layer on top of $_POST (or $_GET or $_COOKIE) and I wanted to limit the overhead of it as much as possible, at least until we needed it. Didn't want to enable the possibility of someone posting endless multidimensional arrays from a security standpoint. But ultimately if the need was there, I would add it. And now that its come up, we might as well add it. Probably what I will do is just limit the recursion to 2 or 3 levels to keep it safe. I don't see any potential issues with adding it. If you've had the need for it, then I'm sure others will to. If you want to submit a pull request, I'll bring it into the core. Otherwise, I'll plan to add and commit an update to the core soon. Thanks, Ryan 5 Link to comment Share on other sites More sharing options...
Pete Posted October 27, 2013 Share Posted October 27, 2013 http://processwire.com/talk/topic/4812-field-names-using-arrays/ *whistles nonchalantly, hands in pockets, walking away from the topic* Link to comment Share on other sites More sharing options...
cream Posted April 18, 2016 Share Posted April 18, 2016 So this was it! Seriously, this is needed. Or at least mentioned in the $input docs. 1 Link to comment Share on other sites More sharing options...
netcarver Posted April 18, 2016 Share Posted April 18, 2016 I, too, would like to see this added. Maybe with a config setting to control maximum depth of recursion. Link to comment Share on other sites More sharing options...
blynx Posted September 27, 2016 Share Posted September 27, 2016 Just stumbled upon it, too. Actually, what are these security concerns? Link to comment Share on other sites More sharing options...
abdus Posted September 28, 2017 Share Posted September 28, 2017 https://security.stackexchange.com/questions/127808/is-array-injection-a-vulnerability-and-what-is-the-proper-term-for-it 2 Link to comment Share on other sites More sharing options...
porl Posted February 26, 2020 Share Posted February 26, 2020 I made a change in core/WireInputData.php to allow for a config option to allow multidimensional arrays. https://github.com/processwire/processwire/pull/161 Link to comment Share on other sites More sharing options...
isellsoap Posted January 17, 2021 Share Posted January 17, 2021 Oh my goodness, I just went mad about this topic. Tried to figure out for hours why I couldn’t get multi-dimensional arrays working with PW’s post until I found this thread. @ryan Could you add a note about this in the documentation? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now