Merge pull request #8639 from kenjis/improve-validation-error-msg

refactor: improve Validation Placeholder error message
2025-02-20 11:44:28 +08:00 · 2024-03-26 08:20:02 +09:00 · 2024-03-26 08:20:02 +09:00 · 446aa0beeb
commit 446aa0beeb
parent 5211abfb2c 56990e6bf5
3 changed files with 38 additions and 4 deletions
--- a/system/Validation/Validation.php
+++ b/system/Validation/Validation.php
@ -790,7 +790,9 @@ class Validation implements ValidationInterface
                        // Check if the validation rule for the placeholder exists
                        if ($placeholderRules === null) {
                            throw new LogicException(
-                                'No validation rules for the placeholder: ' . $field
+                                'No validation rules for the placeholder: "' . $field
+                                . '". You must set the validation rules for the field.'
+                                . ' See <https://codeigniter4.github.io/userguide/libraries/validation.html#validation-placeholders>.'
                            );
                        }

--- a/tests/system/Validation/StrictRules/DatabaseRelatedRulesTest.php
+++ b/tests/system/Validation/StrictRules/DatabaseRelatedRulesTest.php
@ -17,6 +17,7 @@ use CodeIgniter\Validation\Validation;
 use Config\Database;
 use Config\Services;
 use InvalidArgumentException;
+use LogicException;
 use Tests\Support\Validation\TestRules;

 /**
@ -139,6 +140,34 @@ class DatabaseRelatedRulesTest extends CIUnitTestCase
        $this->assertTrue($this->validation->run($data));
    }

+    public function testIsUniqueWithPlaceholderAndNoValidationRulesForIt(): void
+    {
+        $this->expectException(LogicException::class);
+        $this->expectExceptionMessage('No validation rules for the placeholder: "id". You must set the validation rules for the field.');
+
+        $this->hasInDatabase('user', [
+            'name'    => 'Derek',
+            'email'   => 'derek@world.co.uk',
+            'country' => 'GB',
+        ]);
+
+        $row = Database::connect()
+            ->table('user')
+            ->limit(1)
+            ->get()
+            ->getRow();
+
+        $data = [
+            'id'    => $row->id,
+            'email' => 'derek@world.co.uk',
+        ];
+
+        $this->validation->setRules([
+            'email' => 'is_unique[user.email,id,{id}]',
+        ]);
+        $this->validation->run($data);
+    }
+
    public function testIsUniqueByManualRun(): void
    {
        Database::connect()
--- a/user_guide_src/source/libraries/validation.rst
+++ b/user_guide_src/source/libraries/validation.rst
@ -517,15 +517,18 @@ Validation Placeholders
 =======================

 The Validation class provides a simple method to replace parts of your rules based on data that's being passed into it. This
-sounds fairly obscure but can be especially handy with the ``is_unique`` validation rule. Placeholders are simply
+sounds fairly obscure but can be especially handy with the ``is_unique`` validation rule.
+
+Placeholders are simply
 the name of the field (or array key) that was passed in as ``$data`` surrounded by curly brackets. It will be
 replaced by the **value** of the matched incoming field. An example should clarify this:

 .. literalinclude:: validation/020.php
   :lines: 2-

-.. note:: Since v4.3.5, you must set the validation rules for the placeholder
-    field (the ``id`` field in the sample code above) for security.
+.. warning:: Since v4.3.5, you must set the validation rules for the placeholder
+    field (the ``id`` field in the sample code above) for security reasons. Because
+    attackers can send any data to your application.

 In this set of rules, it states that the email address should be unique in the database, except for the row
 that has an id matching the placeholder's value. Assuming that the form POST data had the following: