Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Always append empty values to dropdowns with invalid data #10373

Merged
merged 3 commits into from
Jan 18, 2022
Merged

Always append empty values to dropdowns with invalid data #10373

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7b1b9df
Don't decode as json on empty strings
timkelty Jan 17, 2022
95304c4
Changelog
timkelty Jan 17, 2022
6a46f84
Typo
timkelty Jan 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
- The content in the `resourcepaths` table is now excluded from database backups by default.
- User caches are now invalidated after login attempts. ([#10313](https://github.com/craftcms/cms/discussions/10313))
- Assets fields’ “Upload files” buttons now have `aria-describedby` attributes when appropriate.
- Color fields’ hexn inputs now have `aria-label` attributes.
- Color fields’ hex inputs now have `aria-label` attributes.
- Field status messages are now included in their `aria-describedby` attributes.
- User queries will no longer exclude suspended users when `status('pending')` is passed. ([#10361](https://github.com/craftcms/cms/issues/10361))

Expand All @@ -32,6 +32,7 @@
- Fixed a bug where validation errors referenced by `aria-describedby` attributes weren’t getting read out by VoiceOver. ([#10355](https://github.com/craftcms/cms/pull/10355))
- Fixed a bug where element queries’ `withQueries` properties were ignored. ([#10359](https://github.com/craftcms/cms/pull/10359))
- Fixed a bug where fatal PHP errors were not logged to `stderr` when the `CRAFT_STREAM_LOG` PHP constant was set to `true`. ([#10366](https://github.com/craftcms/cms/pull/10366))
- Fixed a bug where Dropdown fields with invalid data would not always display a blank option. ([#10365](https://github.com/craftcms/cms/issues/10365))

### Security
- Fixed an XSS vulnerability.
Expand Down
3 changes: 2 additions & 1 deletion src/fields/BaseOptionsField.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -239,11 +239,12 @@ public function normalizeValue($value, ElementInterface $element = null)
}

if (is_string($value) && (
$value === '' ||
strpos($value, '[') === 0 ||
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing this allows $value to remain '' instead of being coerced to null.

strpos($value, '{') === 0
)) {
$value = Json::decodeIfJson($value);
} else if ($value === '' && $this->multi) {
$value = [];
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This ensures we don't brake the fix from #3844

} else if ($value === null && $this->isFresh($element)) {
$value = $this->defaultValue();
}
Expand Down