Merge pull request #8639 from kenjis/improve-validation-error-msg

refactor: improve Validation Placeholder error message
codeigniter4 · Mar 25, 2024 · 446aa0b · 446aa0b
2 parents 5211abf + 56990e6
commit 446aa0b
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 4 deletions.
diff --git a/system/Validation/Validation.php b/system/Validation/Validation.php
@@ -790,7 +790,9 @@ protected function fillPlaceholders(array $rules, array $data): array
                         // Check if the validation rule for the placeholder exists
                         if ($placeholderRules === null) {
                             throw new LogicException(
-                                'No validation rules for the placeholder: ' . $field
+                                'No validation rules for the placeholder: "' . $field
+                                . '". You must set the validation rules for the field.'
+                                . ' See <https://codeigniter4.github.io/userguide/libraries/validation.html#validation-placeholders>.'
                             );
                         }
 

diff --git a/tests/system/Validation/StrictRules/DatabaseRelatedRulesTest.php b/tests/system/Validation/StrictRules/DatabaseRelatedRulesTest.php
@@ -17,6 +17,7 @@
 use Config\Database;
 use Config\Services;
 use InvalidArgumentException;
+use LogicException;
 use Tests\Support\Validation\TestRules;
 
 /**
@@ -139,6 +140,34 @@ public function testIsUniqueWithIgnoreValuePlaceholder(): void
         $this->assertTrue($this->validation->run($data));
     }
 
+    public function testIsUniqueWithPlaceholderAndNoValidationRulesForIt(): void
+    {
+        $this->expectException(LogicException::class);
+        $this->expectExceptionMessage('No validation rules for the placeholder: "id". You must set the validation rules for the field.');
+
+        $this->hasInDatabase('user', [
+            'name'    => 'Derek',
+            'email'   => 'derek@world.co.uk',
+            'country' => 'GB',
+        ]);
+
+        $row = Database::connect()
+            ->table('user')
+            ->limit(1)
+            ->get()
+            ->getRow();
+
+        $data = [
+            'id'    => $row->id,
+            'email' => 'derek@world.co.uk',
+        ];
+
+        $this->validation->setRules([
+            'email' => 'is_unique[user.email,id,{id}]',
+        ]);
+        $this->validation->run($data);
+    }
+
     public function testIsUniqueByManualRun(): void
     {
         Database::connect()

diff --git a/user_guide_src/source/libraries/validation.rst b/user_guide_src/source/libraries/validation.rst
@@ -517,15 +517,18 @@ Validation Placeholders
 =======================
 
 The Validation class provides a simple method to replace parts of your rules based on data that's being passed into it. This
-sounds fairly obscure but can be especially handy with the ``is_unique`` validation rule. Placeholders are simply
+sounds fairly obscure but can be especially handy with the ``is_unique`` validation rule.
+
+Placeholders are simply
 the name of the field (or array key) that was passed in as ``$data`` surrounded by curly brackets. It will be
 replaced by the **value** of the matched incoming field. An example should clarify this:
 
 .. literalinclude:: validation/020.php
    :lines: 2-
 
-.. note:: Since v4.3.5, you must set the validation rules for the placeholder
-    field (the ``id`` field in the sample code above) for security.
+.. warning:: Since v4.3.5, you must set the validation rules for the placeholder
+    field (the ``id`` field in the sample code above) for security reasons. Because
+    attackers can send any data to your application.
 
 In this set of rules, it states that the email address should be unique in the database, except for the row
 that has an id matching the placeholder's value. Assuming that the form POST data had the following: