Wireinput only allows one-dimensional arrays - why?!

[Rob]

I've been developing an Inpuitfield/Fieldtype combo that allows me to input multiple sets of data, and I'm using JQuery to add another "set" of data into the form markup but I've run into a problem becasue I'm using multi-deimnesional array names for the form fields.  This doesn't get processed correctly by PW and when I look at the WireInput class it mentions only allowing single-dimensional arrays.

Is there a good reason for this?  Multi-dimensional arrays in forms are pretty useful and I can't work out (off the top of my head) why this would be restricted in this way.

For example:

<input name="fieldname[phonenumber][] />
<input name="fieldname[phonenumber][] />

This will return an empty array for the field value in the WireInput instance passed into ___ProcessInput() method.

Is there a specific reason?  I can manage by directly accessing the POST array, but it'd be nicer to use a native PW approach.

[Rob]

If I make WireInputData::cleanarray() recursive by removing the check for array line and then adding this...

If(is_array($value)) return $this->cleanarray($value);

...then I get the result I would expect.  Is this behaviour likely to damage other parts of the system?

[Rob]

My bad - that code isn't fully recursive, but it certainly allows me to have an extra dimension in my field name arrays.

I'm sure I'll get told shortly why this isn't a good idea!!

[Rob]

Code mistake again!!

In fact, all I had to do was remove the code that checks for an array and returns (thus not allowing multi-dimensional arrays) and I now get the behaviour I would expect.

This brings me back to the question - why disallow this behaviour?

[Soma]

I can't speak for Ryan, and I'm not sure. I guess it's to simplify things on not have endless dimensional for sake of the change tracking? Anyhow, can't you just use $_POST $_GET? Or are you really needing processInput?

On a side note:

Why doing quadruple posts?

Please use the edit button to add things.

Thanks

[ryan]

The main reason it's not there is just because $input is another layer on top of $_POST (or $_GET or $_COOKIE) and I wanted to limit the overhead of it as much as possible, at least until we needed it. Didn't want to enable the possibility of someone posting endless multidimensional arrays from a security standpoint. But ultimately if the need was there, I would add it. And now that its come up, we might as well add it. Probably what I will do is just limit the recursion to 2 or 3 levels to keep it safe. I don't see any potential issues with adding it. If you've had the need for it, then I'm sure others will to. If you want to submit a pull request, I'll bring it into the core. Otherwise, I'll plan to add and commit an update to the core soon.

Thanks,

Ryan

[Pete]

http://processwire.com/talk/topic/4812-field-names-using-arrays/

*whistles nonchalantly, hands in pockets, walking away from the topic*

[cream]

So this was it! Seriously, this is needed. Or at least mentioned in the $input docs.

[netcarver]

I, too, would like to see this added. Maybe with a config setting to control maximum depth of recursion.

[blynx]

Just stumbled upon it, too.

Actually, what are these security concerns?

[abdus]

https://security.stackexchange.com/questions/127808/is-array-injection-a-vulnerability-and-what-is-the-proper-term-for-it

[porl]

I made a change in core/WireInputData.php to allow for a config option to allow multidimensional arrays.

https://github.com/processwire/processwire/pull/161

[isellsoap]

Oh my goodness, I just went mad about this topic. Tried to figure out for hours why I couldn’t get multi-dimensional arrays working with PW’s post until I found this thread.

@ryan Could you add a note about this in the documentation?