|
Tuesday 29 April 2008 7:23:53 am
Hi Jacek, 1) The fact that you modify the presentation layer of the application will not always have any effect on the way the application logic works. In fact, it should not, otherwise it's a security bug. 2) What you have done caused eZ Publish to skip the login attribute and accept the attribute, and this is a bug, especially when it comes user datatype. It's the problem of "weak attribute validation", I've already submitted it as a bug. Meanwhile, the reason this particular attribute behaved the way it did was: function validateObjectAttributeHTTPInput( $http, $base, $contentObjectAttribute )
{
if ( $http->hasPostVariable( $base . "_data_user_login_" . $contentObjectAttribute->attribute( "id" ) ) )
{ (...) }
return eZInputValidator::STATE_ACCEPTED;
}
As you can see, it only validates the login part of user datatype, otherwise accepting it. 3) To answer your question - I'm not sure if it is possible to skip this part. I mean this may be possible if you modify the user account datatype or write your own, but the value might be used internally somewhere, so I would carefully test it first.
--
Company: mediaSELF Sp. z o.o., http://www.mediaself.pl
eZ references: http://ez.no/partners/worldwide_partners/mediaself
eZ certified developer: http://ez.no/certification/verify/272585
eZ blog: http://ez.ryba.eu
|