Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.2

Bug #2658 preProcessForm doesn't permanently change form values
Submitted: 2004-11-01 07:02 UTC Modified: 2006-12-16 02:29 UTC
From: kljsavage at netscape dot net Assigned: justinpatrin
Status: Closed Package: DB_DataObject_FormBuilder
PHP Version: 4.3.7 OS: Linux
Roadmaps: (Not assigned)    

 [2004-11-01 07:02 UTC] kljsavage at netscape dot net
Description: ------------ I am using preProcessForm() to generate and md5 digest of the submitted password field, however this is not passed onto the processForm() method. ie. it would appear that the form values array is being passed by value. Reproduce code: --------------- function preProcessForm(&$values) { $password = $values['password']; if(isset($password)) { $values['password'] = md5($password); } } Expected result: ---------------- $values['password'] should have the value of md5($password) Actual result: -------------- $values['password'] has the original value of $password


 [2004-11-01 07:12 UTC] kljsavage at netscape dot net
It appears that changing the call at line 1761 of FormBuilder.php to a call time pass by reference call 'fixes/hacks around' the problem.
 [2004-11-01 11:44 UTC] justinpatrin
Are you turning off overloading? In PHP4, overloading kills pass-by-ref. Try putting this *before* you include DB_DataObject and FormBuilder: define('DB_DATAOBJECT_NO_OVERLOAD',true); Note: this sill stop the automatic set/get functions from working. This functionality should really be *removed* from DB_DO IMHO as it screws up everything. Actually, it should just be removed from PHP4, but that's just my opinion.
 [2004-11-01 22:31 UTC] kljsavage at netscape dot net
Thanks, that appears to be the problem. Unfortunately, losing all the get/set methods is going to require a significant amount of refactoring...
 [2004-11-01 23:10 UTC] justinpatrin
Well, you can always leave the & in your code. We're debating adding it to all of those function calls in FormBuilder, so stay tuned. Again, the overloading causes errors in PHP which *will not be fixed* in PHP4. It can also cause PHP to crash in some cases, so it's recommended not to use it.
 [2004-12-21 14:12 UTC] justinpatrin
Markus? Norbert? We should really make a decision here. IMHO deprecated syntax should really not be used. Yes, it fixes the overloading issue, but it's not on by default and causes many user questions. If we *really* want to keep this option I would suggest adding an option (::sigh:: I know, another one...) which turns on call-time-pass-by-ref for *all* callbacks where we pass objects (preProcessForm, postProcessForm, preGenerateForm, postGenerateForm, and prepareLinkedDataObject).
 [2004-12-28 07:26 UTC] mw21st
My $0.02 on this: Let's *not* remove the call-by-reference thingies, as removing them can break things even on PHP installations that have overloading turned off, which is because of another bug in PHP4 that has nothing to do with overloading at all. I'd rather propose to add warning signs the size of a skyscraper at every place possible that overloading in PHP4 is bad, bad, bad, bad and should definitely be turned off. If someone needs overloading really bad, he should really switch to PHP5, which has the nice side-effect that all the call-by-reference issues do not exist anymore as well.
 [2004-12-28 14:06 UTC] justinpatrin
Won't PHP5 still complain about call-time-pass-by-ref? What about those who can't change their ini files or settings? They are simply screwed when it comes to this (unless they do some output buffering or some-such to make the warnings go away). I agree that we should have big "don't overload if you don't want headaches" signs on our docs and such. So if we leave the & in the call(s), we should add it to all of the calls which should be by ref. I don't think they are currently all set up with & although I may be wrong. I'd like to mention once more that a simple boolean option would be nice for turning off the call-time-pass-by-ref for those of us who don't use overloading and such. It would be ~5 lines of extra code per DO callback in FB, which is 5 or 6 now I think.
 [2005-01-01 19:58 UTC] justinpatrin
This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on In case this was a website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better. I've added a new option to FormBuilder in CVS: useCallTimePassByReference. If set to true, call-time-pass-by-reference will be used for all DataObject callbacks. When set to false (default) it will not be used. We could also do an auto-check for the overloading define (and the PHP version) and set it accordingly.