HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

ProfileExtender - field lenght

Any way to limit amount of signs in Textbox-fields?

Comments

  • R_JR_J Admin
    edited October 2019

    Interesting! In the plugin there's an array of allowed "FieldProperties" and one of which is "Length". Therefore I would try adding the following line to the config:

    $Configuration['ProfileExtender']['Fields']['Whatever']['Length'] = 8;

  • KasparKaspar ✭✭✭
    edited October 2019

    I will test that.


    Reason for asking:

    An account (of the unwanted kind) had filled a payload of image and site links in a custom field.

    So much that I had to go the db way to remove it.

    Browser hung when trying to mark to remove.

    Both in edit profile in forum and dashboard.

  • KasparKaspar ✭✭✭

    In dashboard I could mark the amount that is visible and delete and then repeat but after 10-15 rounds browser hung again.

  • Slightly unsatisfying: you are allowed to give a length, but it has no effect. Instead you can do that: $Configuration['ProfileExtender']['Fields']['Whatever']['Options'] = ['MaxLength' => 5];

    But the MaxLength is only for the HTML element. You can change that with the web inspector and send anything you like...

  • There is no other way to enforce a limit other than writing a plugin. But in your case I would recommend using an sql to clean the db. Only if this happens more often you might think about writing a plugin for that.

  • Maybe put the restriction on the DB column? Then JS to validate the form. problem is that if the JS fails, the server will send the error of excess. And I have not found a way to catch the error and make it more readable to the user

  • ProfileExtender fields are saved in the UserMeta table. Therefore you couldn't change the column without unwanted side effects.

    A plugin could catch the UserModel BeforeSave... events and do some validation, using the Validation->addValidationResult so that a string of exceeding length could trigger a "normal" error message.

Sign In or Register to comment.