Subject: Zend_Form: Values of Multi-Elements (select...) can be "out of range"
Date: Monday 7th January 2008 19:58:45 UTC (over 10 years ago)
Zend_Form currently doesn't prevent bad guys from submitting forms filled with "bad" values (not being part of the available options). Attached to this post you can find a quick & dirty patch, trying to fix this. A more elegant variant would be overriding getValidatorChain(), ad- ding some kind of Zend_Validate_IsArrayKey(). As the latter doesn't exist (and as I'm really lazy) I have chosen the approach shown in the attached patch file. Kind regards, Thomas Gelf