=head1 NAME
-CGI::Ex::Validate - another form validator - but it does javascript in parallel
+CGI::Ex::Validate - The "Just Right" form validator with javascript in parallel
=cut
###----------------------------------------------------------------###
-# Copyright 2006 - Paul Seamons #
+# Copyright 2007 - Paul Seamons #
# Distributed under the Perl Artistic License without warranty #
###----------------------------------------------------------------###
@UNSUPPORTED_BROWSERS
);
-$VERSION = '2.00';
+$VERSION = '2.24';
$DEFAULT_EXT = 'val';
$QR_EXTRA = qr/^(\w+_error|as_(array|string|hash)_\w+|no_\w+)/;
@UNSUPPORTED_BROWSERS = (qr/MSIE\s+5.0\d/i);
-use CGI::Ex::Conf ();
-
###----------------------------------------------------------------###
sub new {
- my $class = shift || __PACKAGE__;
- my $self = (@_ && ref($_[0])) ? shift : {@_};
+ my $class = shift;
+ my $self = ref($_[0]) ? shift : {@_};
- ### allow for global defaults
- foreach (keys %DEFAULT_OPTIONS) {
- $self->{$_} = $DEFAULT_OPTIONS{$_} if ! exists $self->{$_};
- }
+ $self = {%DEFAULT_OPTIONS, %$self} if scalar keys %DEFAULT_OPTIONS;
return bless $self, $class;
}
###----------------------------------------------------------------###
sub cgix {
- my $self = shift;
- return $self->{cgix} ||= do {
- require CGI::Ex;
- CGI::Ex->new;
- };
+ my $self = shift;
+ return $self->{'cgix'} ||= do {
+ require CGI::Ex;
+ CGI::Ex->new;
+ };
}
### the main validation routine
sub validate {
- my $self = (! ref($_[0])) ? shift->new # $class->validate
- : UNIVERSAL::isa($_[0], __PACKAGE__) ? shift # $self->validate
- : __PACKAGE__->new; # &validate
- my $form = shift || die "Missing form hash";
- my $val_hash = shift || die "Missing validation hash";
- my $what_was_validated = shift; # allow for extra arrayref that stores what was validated
-
- ### turn the form into a form if it is really a CGI object
- if (! ref($form)) {
- die "Invalid form hash or cgi object";
- } elsif(! UNIVERSAL::isa($form,'HASH')) {
- local $self->{cgi_object} = $form;
- $form = $self->cgix->get_form($form);
- }
+ my $self = (! ref($_[0])) ? shift->new # $class->validate
+ : UNIVERSAL::isa($_[0], __PACKAGE__) ? shift # $self->validate
+ : __PACKAGE__->new; # &validate
+ my $form = shift || die "Missing form hash";
+ my $val_hash = shift || die "Missing validation hash";
+ my $what_was_validated = shift; # allow for extra arrayref that stores what was validated
+
+ ### turn the form into a form hash if doesn't look like one already
+ die "Invalid form hash or cgi object" if ! ref $form;
+ if (ref $form ne 'HASH') {
+ local $self->{cgi_object} = $form;
+ $form = $self->cgix->get_form($form);
+ }
+
+ ### make sure the validation is a hashref
+ ### get_validation handle odd types
+ if (ref $val_hash ne 'HASH') {
+ $val_hash = $self->get_validation($val_hash) if ref $val_hash ne 'SCALAR' || ! ref $val_hash;
+ die "Validation groups must be a hashref" if ref $val_hash ne 'HASH';
+ }
- ### get the validation - let get_validation deal with types
- ### if a ref is not passed - assume it is a filename
- $val_hash = $self->get_validation($val_hash);
-
- ### allow for validation passed as single group hash, single group array,
- ### or array of group hashes or group arrays
- my @ERRORS = ();
- my %EXTRA = ();
- my @USED_GROUPS = ();
- my $group_order = UNIVERSAL::isa($val_hash,'HASH') ? [$val_hash] : $val_hash;
- foreach my $group_val (@$group_order) {
- die "Validation groups must be a hashref" if ! UNIVERSAL::isa($group_val,'HASH');
- my $title = $group_val->{'group title'};
- my $validate_if = $group_val->{'group validate_if'};
+ ### parse keys that are group arguments - and those that are keys to validate
+ my %ARGS;
+ my @field_keys = grep { /^(?:group|general)\s+(\w+)/
+ ? do {$ARGS{$1} = $val_hash->{$_} ; 0}
+ : 1 }
+ sort keys %$val_hash;
### only validate this group if it is supposed to be checked
- next if $validate_if && ! $self->check_conditional($form, $validate_if);
- push @USED_GROUPS, $group_val;
-
- ### If the validation items were not passed as an arrayref.
- ### Look for a group order and then fail back to the keys of the group.
- ### We will keep track of what was added using %found - the keys will
- ### be the hash signatures of the field_val hashes (ignore the hash internals).
- my @field_keys;
- my @group_keys;
- foreach (sort keys %$group_val) {
- /^(group|general)\s+(\w+)/ ? push(@group_keys, [$1, $2, $_]) : push(@field_keys, $_);
- }
- my $fields = $group_val->{'group fields'};
- if ($fields) { # if I passed group fields array - use it
- die "'group fields' must be an arrayref" if ! UNIVERSAL::isa($fields,'ARRAY');
- } else { # other wise - create our own array
- my @fields = ();
- if (my $order = $group_val->{'group order'} || \@field_keys) {
- die "Validation 'group order' must be an arrayref" if ! UNIVERSAL::isa($order,'ARRAY');
- foreach my $field (@$order) {
- my $field_val = exists($group_val->{$field}) ? $group_val->{$field}
- : ($field eq 'OR') ? 'OR' : die "No element found in group for $field";
- if (ref $field_val && ! $field_val->{'field'}) {
- $field_val = { %$field_val, 'field' => $field }; # copy the values to add the key
- }
- push @fields, $field_val;
+ return if $ARGS{'validate_if'} && ! $self->check_conditional($form, $ARGS{'validate_if'});
+
+ ### Look first for items in 'group fields' or 'group order'
+ my $fields;
+ if ($fields = $ARGS{'fields'} || $ARGS{'order'}) {
+ my $type = $ARGS{'fields'} ? 'group fields' : 'group order';
+ die "Validation '$type' must be an arrayref when passed"
+ if ! UNIVERSAL::isa($fields, 'ARRAY');
+ my @temp;
+ foreach my $field (@$fields) {
+ die "Non-defined value in '$type'" if ! defined $field;
+ if (ref $field) {
+ die "Found nonhashref value in '$type'" if ref($field) ne 'HASH';
+ die "Element missing \"field\" key/value in '$type'" if ! defined $field->{'field'};
+ push @temp, $field;
+ } elsif ($field eq 'OR') {
+ push @temp, 'OR';
+ } else {
+ die "No element found in '$type' for $field" if ! exists $val_hash->{$field};
+ die "Found nonhashref value in '$type'" if ref($val_hash->{$field}) ne 'HASH';
+ push @temp, { %{ $val_hash->{$field} }, field => $field }; # copy the values to add the key
+ }
}
- }
- $fields = \@fields;
+ $fields = \@temp;
+
+ ### limit the keys that need to be searched to those not in fields or order
+ my %found = map { $_->{'field'} => 1 } @temp;
+ @field_keys = grep { ! $found{$_} } @field_keys;
}
- ### double check which field_vals have been used so far
- ### add any remaining field_vals from the order
+ ### add any remaining field_vals from our original hash
### this is necessary for items that weren't in group fields or group order
- my %found = map {$_->{'field'} => 1} @$fields;
foreach my $field (@field_keys) {
- next if $found{$field};
- my $field_val = $group_val->{$field};
- die "Found a nonhashref value on field $field" if ! UNIVERSAL::isa($field_val, 'HASH');
- push @$fields, $field_val;
+ die "Found nonhashref value for field $field" if ref($val_hash->{$field}) ne 'HASH';
+ if (defined $val_hash->{$field}->{'field'}) {
+ push @$fields, $val_hash->{$field};
+ } else {
+ push @$fields, { %{$val_hash->{$field}}, field => $field };
+ }
}
+ return if ! $fields;
### Finally we have our arrayref of hashrefs that each have their 'field' key
### now lets do the validation
+ $self->{'was_checked'} = {};
+ $self->{'was_valid'} = {};
+ $self->{'had_error'} = {};
my $found = 1;
- my @errors = ();
- my $hold_error; # hold the error for a moment - to allow for an "Or" operation
- foreach (my $i = 0; $i <= $#$fields; $i ++) {
- my $ref = $fields->[$i];
- if (! ref($ref) && $ref eq 'OR') {
- $i ++ if $found; # if found skip the OR altogether
- $found = 1; # reset
- next;
- }
- $found = 1;
- die "Missing field key during normal validation" if ! $ref->{'field'};
- local $ref->{'was_validated'} = 1;
- my @err = $self->validate_buddy($form, $ref->{'field'}, $ref);
- if (delete($ref->{'was_validated'}) && $what_was_validated) {
- push @$what_was_validated, $ref;
- }
+ my @errors;
+ my $hold_error; # hold the error for a moment - to allow for an "OR" operation
+ my %checked;
+ foreach (my $i = 0; $i < @$fields; $i++) {
+ my $ref = $fields->[$i];
+ if (! ref($ref) && $ref eq 'OR') {
+ $i++ if $found; # if found skip the OR altogether
+ $found = 1; # reset
+ next;
+ }
+ $found = 1;
+ my $field = $ref->{'field'} || die "Missing field key during normal validation";
+ if (! $checked{$field}++) {
+ $self->{'was_checked'}->{$field} = 1;
+ $self->{'was_valid'}->{$field} = 1;
+ $self->{'had_error'}->{$field} = 0;
+ }
+ local $ref->{'was_validated'} = 1;
+ my $err = $self->validate_buddy($form, $field, $ref);
+ if ($ref->{'was_validated'} && $what_was_validated) {
+ push @$what_was_validated, $ref;
+ } else {
+ $self->{'was_valid'}->{$field} = 0;
+ }
- ### test the error - if errors occur allow for OR - if OR fails use errors from first fail
- if (scalar @err) {
- if ($i < $#$fields && ! ref($fields->[$i + 1]) && $fields->[$i + 1] eq 'OR') {
- $hold_error = \@err;
+ ### test the error - if errors occur allow for OR - if OR fails use errors from first fail
+ if ($err) {
+ $self->{'was_valid'}->{$field} = 0;
+ $self->{'had_error'}->{$field} = 0;
+ if ($i < $#$fields && ! ref($fields->[$i + 1]) && $fields->[$i + 1] eq 'OR') {
+ $hold_error = $err;
+ } else {
+ push @errors, $hold_error ? @$hold_error : @$err;
+ $hold_error = undef;
+ }
} else {
- push @errors, $hold_error ? @$hold_error : @err;
- $hold_error = undef;
+ $hold_error = undef;
}
- } else {
- $hold_error = undef;
- }
}
push(@errors, @$hold_error) if $hold_error; # allow for final OR to work
- ### add on errors as requested
- if ($#errors != -1) {
- push @ERRORS, $title if $title;
- push @ERRORS, @errors;
- }
- ### add on general options, and group options if errors in group occurred
- foreach (@group_keys) {
- my ($type, $short_key, $full_key) = @$_;
- next if $type eq 'group' && ($#errors == -1 || $short_key =~ /^(field|order|title)$/);
- $EXTRA{$short_key} = $group_val->{$full_key};
+ ### optionally check for unused keys in the form
+ if ($ARGS{no_extra_fields} || $self->{no_extra_fields}) {
+ my %keys = map { ($_->{'field'} => 1) } @$fields; # %{ $self->get_validation_keys($val_hash) };
+ foreach my $key (sort keys %$form) {
+ next if $keys{$key};
+ push @errors, [$key, 'no_extra_fields', {}, undef];
+ }
}
- }
- ### store any extra items from self
- $EXTRA{$_} = $self->{$_} for grep {/$QR_EXTRA/o} keys %$self;
-
- ### allow for checking for unused keys
- if ($EXTRA{no_extra_fields}) {
- my $which = ($EXTRA{no_extra_fields} =~ /used/i) ? 'used' : 'all';
- my $ref = ($which eq 'all') ? $val_hash : \@USED_GROUPS;
- my $keys = $self->get_validation_keys($ref);
- foreach my $key (sort keys %$form) {
- next if $keys->{$key};
- push @ERRORS, [$key, 'no_extra_fields', {}, undef];
+ ### return what they want
+ if (@errors) {
+ my @copy = grep {/$QR_EXTRA/o} keys %$self;
+ @ARGS{@copy} = @{ $self }{@copy};
+ unshift @errors, $ARGS{'title'} if $ARGS{'title'};
+ my $err_obj = $self->new_error(\@errors, \%ARGS);
+ die $err_obj if $ARGS{'raise_error'};
+ return $err_obj;
+ } else {
+ return;
}
- }
-
- ### return what they want
- if ($#ERRORS != -1) {
- my $err_obj = $self->new_error(\@ERRORS, \%EXTRA);
- die $err_obj if $EXTRA{'raise_error'};
- return $err_obj;
- } else {
- return wantarray ? () : undef;
- }
}
sub new_error {
### allow for optional validation on groups and on individual items
sub check_conditional {
- my ($self, $form, $ifs, $N_level, $ifs_match) = @_;
-
- $N_level ||= 0;
- $N_level ++; # prevent too many recursive checks
+ my ($self, $form, $ifs, $ifs_match) = @_;
### can pass a single hash - or an array ref of hashes
if (! $ifs) {
$ifs = [$ifs];
}
+ local $self->{'_check_conditional'} = 1;
+
### run the if options here
### multiple items can be passed - all are required unless OR is used to separate
my $found = 1;
$found = 1; # reset
next;
} else {
- if ($ref =~ s/^\s*!\s*//) {
+ if ($ref =~ /^function\s*\(/) {
+ next;
+ } elsif ($ref =~ /^(.*?)\s+(was_valid|had_error|was_checked)$/) {
+ $ref = {field => $1, $2 => 1};
+ } elsif ($ref =~ s/^\s*!\s*//) {
$ref = {field => $ref, max_in_set => "0 of $ref"};
} else {
$ref = {field => $ref, required => 1};
my $field = $ref->{'field'} || die "Missing field key during validate_if (possibly used a reference to a main hash *foo -> &foo)";
$field =~ s/\$(\d+)/defined($ifs_match->[$1]) ? $ifs_match->[$1] : ''/eg if $ifs_match;
- my @err = $self->validate_buddy($form, $field, $ref, $N_level);
- $found = 0 if scalar @err;
+ my $errs = $self->validate_buddy($form, $field, $ref);
+ $found = 0 if $errs;
}
return $found;
}
### this is where the main checking goes on
sub validate_buddy {
my $self = shift;
- my ($form, $field, $field_val, $N_level, $ifs_match) = @_;
- $N_level ||= 0;
- $N_level ++; # prevent too many recursive checks
- die "Max dependency level reached $N_level" if $N_level > 10;
+ my ($form, $field, $field_val, $ifs_match) = @_;
+
+ local $self->{'_recurse'} = ($self->{'_recurse'} || 0) + 1;
+ die "Max dependency level reached 10" if $self->{'_recurse'} > 10;
my @errors = ();
my $types = [sort keys %$field_val];
### allow for not running some tests in the cgi
if ($field_val->{'exclude_cgi'}) {
delete $field_val->{'was_validated'};
- return wantarray ? @errors : $#errors + 1;
+ return 0;
}
### allow for field names that contain regular expressions
foreach my $_field (sort keys %$form) {
next if ($not && $_field =~ m/(?$opt:$pat)/) || (! $not && $_field !~ m/(?$opt:$pat)/);
my @match = (undef, $1, $2, $3, $4, $5); # limit to the matches
- push @errors, $self->validate_buddy($form, $_field, $field_val, $N_level, \@match);
+ my $errs = $self->validate_buddy($form, $_field, $field_val, \@match);
+ push @errors, @$errs if $errs;
}
- return wantarray ? @errors : $#errors + 1;
+ return @errors ? \@errors : 0;
}
+ if ($field_val->{was_valid} && ! $self->{'_was_valid'}->{$field}) { return [[$field, 'was_valid', $field_val, $ifs_match]]; }
+ if ($field_val->{had_error} && ! $self->{'_had_error'}->{$field}) { return [[$field, 'had_error', $field_val, $ifs_match]]; }
+ if ($field_val->{was_checked} && ! $self->{'_was_checked'}->{$field}) { return [[$field, 'was_checked', $field_val, $ifs_match]]; }
+
my $values = UNIVERSAL::isa($form->{$field},'ARRAY') ? $form->{$field} : [$form->{$field}];
my $n_values = $#$values + 1;
$value =~ s/\s+$//;
$modified = 1;
}
+ if ($field_val->{'trim_control_chars'}) {
+ $value =~ y/\t/ /;
+ $value =~ y/\x00-\x1F//d;
+ $modified = 1;
+ }
if ($field_val->{'to_upper_case'}) { # uppercase
$value = uc($value);
$modified = 1;
}
}else{
foreach my $value (@$values) {
+ next if ! defined $value;
$value =~ s{(?$opt:$pat)}{
my @match = (undef, $1, $2, $3, $4, $5, $6); # limit on the number of matches
my $copy = $swap;
foreach my $type (grep {/^validate_if_?\d*$/} @$types) {
$n_vif ++;
my $ifs = $field_val->{$type};
- my $ret = $self->check_conditional($form, $ifs, $N_level, $ifs_match);
+ my $ret = $self->check_conditional($form, $ifs, $ifs_match);
$needs_val ++ if $ret;
}
if (! $needs_val && $n_vif) {
delete $field_val->{'was_validated'};
- return wantarray ? @errors : $#errors + 1;
+ return 0;
}
### check for simple existence
if (! $is_required) {
foreach my $type (grep {/^required_if_?\d*$/} @$types) {
my $ifs = $field_val->{$type};
- next if ! $self->check_conditional($form, $ifs, $N_level, $ifs_match);
+ next if ! $self->check_conditional($form, $ifs, $ifs_match);
$is_required = $type;
last;
}
}
if ($is_required
&& ($n_values == 0 || ($n_values == 1 && (! defined($values->[0]) || ! length $values->[0])))) {
- return 1 if ! wantarray;
- push @errors, [$field, $is_required, $field_val, $ifs_match];
- return @errors;
+ return [] if $self->{'_check_conditional'};
+ return [[$field, $is_required, $field_val, $ifs_match]];
}
### min values check
my $n = exists($field_val->{'min_values'}) ? $field_val->{'min_values'} || 0 : 0;
if ($n_values < $n) {
- return 1 if ! wantarray;
- push @errors, [$field, 'min_values', $field_val, $ifs_match];
- return @errors;
+ return [] if $self->{'_check_conditional'};
+ return [[$field, 'min_values', $field_val, $ifs_match]];
}
### max values check
$field_val->{'max_values'} = 1 if ! exists $field_val->{'max_values'};
$n = $field_val->{'max_values'} || 0;
if ($n_values > $n) {
- return 1 if ! wantarray;
- push @errors, [$field, 'max_values', $field_val, $ifs_match];
- return @errors;
+ return [] if $self->{'_check_conditional'};
+ return [[$field, 'max_values', $field_val, $ifs_match]];
}
### max_in_set and min_in_set checks
}
if ( ($minmax eq 'min' && $n > 0)
|| ($minmax eq 'max' && $n < 0)) {
- return 1 if ! wantarray;
- push @errors, [$field, $type, $field_val, $ifs_match];
- return @errors;
+ return [] if $self->{'_check_conditional'};
+ return [[$field, $type, $field_val, $ifs_match]];
}
}
}
$found = 1 if defined($value) && $_ eq $value;
}
if (! $found) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, 'enum', $field_val, $ifs_match];
}
$content_checked = 1;
$success = 1; # occurs if they are both undefined
}
if ($not ? $success : ! $success) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
}
$content_checked = 1;
if (exists $field_val->{'min_len'}) {
my $n = $field_val->{'min_len'};
if (! defined($value) || length($value) < $n) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, 'min_len', $field_val, $ifs_match];
}
}
if (exists $field_val->{'max_len'}) {
my $n = $field_val->{'max_len'};
if (defined($value) && length($value) > $n) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, 'max_len', $field_val, $ifs_match];
}
}
if ( ( $not && ( defined($value) && $value =~ m/(?$opt:$pat)/))
|| (! $not && (! defined($value) || $value !~ m/(?$opt:$pat)/))
) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
}
}
die "Not sure how to compare \"$comp\"";
}
if (! $test) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
}
}
$field_val->{"${type}_error_if"} = 1 if ! defined $field_val->{"${type}_error_if"};
if ( (! $return && $field_val->{"${type}_error_if"})
|| ($return && ! $field_val->{"${type}_error_if"}) ) {
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
}
$content_checked = 1;
foreach my $type (grep {/^custom_?\d*$/} @$types) {
my $check = $field_val->{$type};
next if UNIVERSAL::isa($check, 'CODE') ? &$check($field, $value, $field_val, $type) : $check;
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
$content_checked = 1;
}
### do specific type checks
foreach my $type (grep {/^type_?\d*$/} @$types) {
if (! $self->check_type($value,$field_val->{'type'},$field,$form)){
- return 1 if ! wantarray;
+ return [] if $self->{'_check_conditional'};
push @errors, [$field, $type, $field_val, $ifs_match];
}
$content_checked = 1;
}
### all done - time to return
- return wantarray ? @errors : $#errors + 1;
+ return @errors ? \@errors : 0;
}
###----------------------------------------------------------------###
return 0 if $value =~ m/(\.\-|\-\.|\.\.)/;
return 0 if length($value) > 255;
return 0 if $value !~ s/\.([a-z]+)$//;
-
- my $ext = $1;
- if ($ext eq 'name') { # .name domains
- return 0 if $value !~ /^[a-z0-9][a-z0-9\-]{0,62} \. [a-z0-9][a-z0-9\-]{0,62}$/x;
- } else { # any other domains
- return 0 if $value !~ /^([a-z0-9][a-z0-9\-]{0,62} \.)* [a-z0-9][a-z0-9\-]{0,62}$/x;
- }
+ return 0 if $value !~ /^([a-z0-9][a-z0-9\-]{0,62} \.)* [a-z0-9][a-z0-9\-]{0,62}$/x;
### validate a url
} elsif ($type eq 'URL') {
###----------------------------------------------------------------###
sub get_validation {
- my $self = shift;
- my $val = shift;
- return CGI::Ex::Conf::conf_read($val, {html_key => 'validation', default_ext => $DEFAULT_EXT});
+ my $self = shift;
+ my $val = shift;
+ require CGI::Ex::Conf;
+ return CGI::Ex::Conf::conf_read($val, {html_key => 'validation', default_ext => $DEFAULT_EXT});
}
### returns all keys from all groups - even if group has validate_if
my $self = shift;
my $val_hash = shift;
my $form = shift; # with optional form - will only return keys in validated groups
- my %keys = ();
- ### if a form was passed - make sure it is a hashref
+ ### turn the form into a form hash if doesn't look like one already
if ($form) {
- if (! ref($form)) {
- die "Invalid form hash or cgi object";
- } elsif(! UNIVERSAL::isa($form,'HASH')) {
- require CGI::Ex;
- $form = CGI::Ex->new->get_form($form);
- }
+ die "Invalid form hash or cgi object" if ! ref $form;
+ if (ref $form ne 'HASH') {
+ local $self->{cgi_object} = $form;
+ $form = $self->cgix->get_form($form);
+ }
}
- my $refs = $self->get_validation($val_hash);
- $refs = [$refs] if ! UNIVERSAL::isa($refs,'ARRAY');
- foreach my $group_val (@$refs) {
- die "Group found that was not a hashref" if ! UNIVERSAL::isa($group_val, 'HASH');
+ ### make sure the validation is a hashref
+ ### get_validation handle odd types
+ if (ref $val_hash ne 'HASH') {
+ $val_hash = $self->get_validation($val_hash) if ref $val_hash ne 'SCALAR' || ! ref $val_hash;
+ die "Validation groups must be a hashref" if ref $val_hash ne 'HASH';
+ }
- ### if form is passed, check to see if the group passed validation
- if ($form) {
- my $validate_if = $group_val->{'group validate_if'};
- next if $validate_if && ! $self->check_conditional($form, $validate_if);
+ ### parse keys that are group arguments - and those that are keys to validate
+ my %ARGS;
+ my @field_keys = grep { /^(?:group|general)\s+(\w+)/
+ ? do {$ARGS{$1} = $val_hash->{$_} ; 0}
+ : 1 }
+ sort keys %$val_hash;
+
+ ### only validate this group if it is supposed to be checked
+ return if $form && $ARGS{'validate_if'} && ! $self->check_conditional($form, $ARGS{'validate_if'});
+
+ ### Look first for items in 'group fields' or 'group order'
+ my %keys;
+ if (my $fields = $ARGS{'fields'} || $ARGS{'order'}) {
+ my $type = $ARGS{'fields'} ? 'group fields' : 'group order';
+ die "Validation '$type' must be an arrayref when passed"
+ if ! UNIVERSAL::isa($fields, 'ARRAY');
+ foreach my $field (@$fields) {
+ die "Non-defined value in '$type'" if ! defined $field;
+ if (ref $field) {
+ die "Found nonhashref value in '$type'" if ref($field) ne 'HASH';
+ die "Element missing \"field\" key/value in '$type'" if ! defined $field->{'field'};
+ $keys{$field->{'field'}} = $field->{'name'} || 1;
+ } elsif ($field eq 'OR') {
+ } else {
+ die "No element found in '$type' for $field" if ! exists $val_hash->{$field};
+ die "Found nonhashref value in '$type'" if ref($val_hash->{$field}) ne 'HASH';
+ $keys{$field} = $val_hash->{$field}->{'name'} || 1;
+ }
}
+ }
- if ($group_val->{"group fields"}) {
- die "Group fields must be an arrayref" if ! UNIVERSAL::isa($group_val->{"group fields"}, 'ARRAY');
- foreach my $field_val (@{ $group_val->{"group fields"} }) {
- next if ! ref($field_val) && $field_val eq 'OR';
- die "Field_val must be a hashref" if ! UNIVERSAL::isa($field_val, 'HASH');
- my $key = $field_val->{'field'} || die "Missing field key in field_val hashref";
- $keys{$key} = $field_val->{'name'} || 1;
- }
- } elsif ($group_val->{"group order"}) {
- die "Group order must be an arrayref" if ! UNIVERSAL::isa($group_val->{"group order"}, 'ARRAY');
- foreach my $key (@{ $group_val->{"group order"} }) {
- my $field_val = $group_val->{$key};
- next if ! $field_val && $key eq 'OR';
- die "Field_val for $key must be a hashref" if ! UNIVERSAL::isa($field_val, 'HASH');
- $key = $field_val->{'field'} if $field_val->{'field'};
- $keys{$key} = $field_val->{'name'} || 1;
+ ### add any remaining field_vals from our original hash
+ ### this is necessary for items that weren't in group fields or group order
+ foreach my $field (@field_keys) {
+ next if $keys{$field};
+ die "Found nonhashref value for field $field" if ref($val_hash->{$field}) ne 'HASH';
+ if (defined $val_hash->{$field}->{'field'}) {
+ $keys{$val_hash->{$field}->{'field'}} = $val_hash->{$field}->{'name'} || 1;
+ } else {
+ $keys{$field} = $val_hash->{$field}->{'name'} || 1;
}
- }
-
- ### get all others
- foreach my $key (keys %$group_val) {
- next if $key =~ /^(general|group)\s/;
- my $field_val = $group_val->{$key};
- next if ! UNIVERSAL::isa($field_val, 'HASH');
- $keys{$key} = $field_val->{'name'} || 1;
- }
}
return \%keys;
"$js_uri_path/CGI/Ex/validate.js";
};
- if (eval { require JSON }) {
+ if (! $self->{'no_jsondump'} && eval { require CGI::Ex::JSONDump }) {
+ my $json = CGI::Ex::JSONDump->new({pretty => 1})->dump($val_hash);
+ return qq{<script src="$js_uri_path_validate"></script>
+<script>
+document.validation = $json;
+if (document.check_form) document.check_form("$form_name");
+</script>
+};
+
+ } elsif (! $self->{'no_json'} && eval { require JSON }) {
my $json = JSON->new(pretty => 1)->objToJson($val_hash);
return qq{<script src="$js_uri_path_validate"></script>
use overload '""' => \&as_string;
sub new {
- my $class = shift || __PACKAGE__;
- my $errors = shift;
- my $extra = shift || {};
- die "Missing or invalid arrayref" if ! UNIVERSAL::isa($errors, 'ARRAY');
- die "Missing or invalid hashref" if ! UNIVERSAL::isa($extra, 'HASH');
- return bless {errors => $errors, extra => $extra}, $class;
+ my ($class, $errors, $extra) = @_;
+ die "Missing or invalid errors arrayref" if ref $errors ne 'ARRAY';
+ die "Missing or invalid extra hashref" if ref $extra ne 'HASH';
+ return bless {errors => $errors, extra => $extra}, $class;
}
sub as_string {
email => {
required => 1,
max_len => 100,
+ type => 'email',
},
email2 => {
- validate_if => 'email',
- equals => 'email',
+ equals => 'email',
},
};
- ### ordered
+ ### ordered (only onevent submit needs order)
my $val_hash = {
'group order' => [qw(username email email2)],
username => {required => 1, max_len => 30},
required => 1,
max_len => 100,
}, {
- field => 'email2',
- validate_if => 'email',
- equals => 'email',
+ field => 'email2',
+ equals => 'email',
}],
};
my $vob = CGI::Ex::Validate->new;
my $errobj = $vob->validate($form, $val_hash);
- # OR #
- my $errobj = $vob->validate($form, "/somefile/somewhere.val"); # import config using yaml file
- # OR #
- my $errobj = $vob->validate($form, "/somefile/somewhere.pl"); # import config using perl file
- # OR #
- my $errobj = $vob->validate($form, "--- # a yaml document\n"); # import config using yaml str
+ # OR #
+ # import config using any type CGI::Ex::Conf supports
+ my $errobj = $vob->validate($form, "/somefile/somewhere.val");
if ($errobj) {
my $error_heading = $errobj->as_string; # OR "$errobj";
my $error_list = $errobj->as_array; # ordered list of what when wrong
my $error_hash = $errobj->as_hash; # hash of arrayrefs of errors
} else {
- # form passed validation
+ # the form passed validation
}
### will add an error for any form key not found in $val_hash
my $vob = CGI::Ex::Validate->new({no_extra_keys => 1});
my $errobj = $vob->validate($form, $val_hash);
+
+ my $js_uri_path = '/js/'; # static or dynamic URI path to find CGI/Ex/validate.js
+ my $form_name = "the_form"; # name of the form to attach javascript to
+ my $javascript = $vob->generate_js($val_hash, $form_name, $js_uri_path);
+
+
=head1 DESCRIPTION
CGI::Ex::Validate is one of many validation modules. It aims to have
all of the basic data validation functions, avoid adding all of the
millions of possible types, while still giving the capability for the
-developer to add their own types.
+developer to add their own types for the rare cases that the basic
+ones don't suffice. Generally anything more than basic validation
+probably needs programmatic or data based validation.
-CGI::Ex::Validate can work in a simple way like all of the other
-validators do. However, it also allows for grouping of validation
-items and conditional validation of groups or individual items. This
-is more in line with the normal validation procedures for a website.
+CGI::Ex::Validate also has full support for providing the same
+validation in javascript. It provides methods for attaching the
+javascript to existing forms. This ability is tightly integrated into
+CGI::Ex::App, but it should be easy to add validation just about
+anywhere using any type of controller.
-It also has full support for providing the same validation in javascript.
-It provides methods for attaching the javascript to existing forms.
+As opposed to other kitchen sync validation modules, CGI::Ex::Validate
+offers the simple types of validation, and makes it easy to add your
+own custom types. Asside from custom and custom_js, all validation
+markup is declarative.
=head1 METHODS
=item C<validate>
Arguments are a form hashref or cgi object, a validation hashref or
-filename, and an optional what_was_validated arrayref. If a CGI
-object is passed, CGI::Ex::get_form will be called on that object to
-turn it into a hashref. If a filename is given for the validation,
-get_validation will be called on that filename. If the
-what_was_validated_arrayref is passed - it will be populated (pushed)
-with the field hashes that were actually validated (anything that was
-skipped because of validate_if will not be in the array).
+filename, and an optional what_was_validated arrayref (discussed
+further later on). If a CGI object is passed, CGI::Ex::get_form will
+be called on that object to turn it into a hashref. If a filename is
+given for the validation, get_validation will be called on that
+filename. If the what_was_validated_arrayref is passed - it will be
+populated (pushed) with the field hashes that were actually validated
+(anything that was skipped because of validate_if will not be in the
+array).
If the form passes validation, validate will return undef. If it
fails validation, it will return a CGI::Ex::Validate::Error object.
-If the 'raise_error' general option has been set, validate will die
+If the 'raise_error' option has been set, validate will die
with a CGI::Ex::validate::Error object as the value.
my $err_obj = $self->validate($form, $val_hash);
# OR #
- $self->{raise_error} = 1; # raise error can also be listed in the
- val_hash eval { $self->validate($form, $val_hash) }; if ($@) { my
- $err_obj = $@; }
+ $self->{raise_error} = 1; # can also be listed in the val_hash
+ eval { $self->validate($form, $val_hash) };
+ if ($@) { my $err_obj = $@; }
=item C<generate_js>
-Requires JSON or YAML to work properly (see L<JSON> or L<YAML>).
+Works with CGI::Ex::JSONDump, but can also work with JSON or YAML
+if desired (see L<JSON> or L<YAML>).
Takes a validation hash, a form name, and an optional javascript uri
path and returns Javascript that can be embedded on a page and will
-perform identical validations as the server side. The validation can
-be any validation hash (or arrayref of hashes. The form name must be
+perform identical validations as the server side. The form name must be
the name of the form that the validation will act upon - the name is
used to register an onsubmit function. The javascript uri path is
-used to embed the locations two external javascript source files.
-
+used to embed the locations of javascript source files included
+with the CGI::Ex distribution.
The javascript uri path is highly dependent upon the server
configuration and therefore must be configured manually. It may be
code, generate_js will look in $JS_URI_PATH_YAML and
$JS_URI_PATH_VALIDATE. If either of these are not set, generate_js
will default to "$JS_URI_PATH/CGI/Ex/yaml_load.js" and
-"$JS_URI_PATH/CGI/Ex/validate.js".
+"$JS_URI_PATH/CGI/Ex/validate.js" (Note: yaml_load is only needed
+if the flags no_jsondump and no_json have been set).
$self->generate_js($val_hash, 'my_form', "/cgi-bin/js")
# would generate something like the following...
- <script src="/cgi-bin/js/CGI/Ex/yaml_load.js"></script>
<script src="/cgi-bin/js/CGI/Ex/validate.js"></script>
... more js follows ...
- $CGI::Ex::Validate::JS_URI_PATH = "/stock/js";
- $CGI::Ex::Validate::JS_URI_PATH_YAML = "/js/yaml_load.js";
+ $CGI::Ex::Validate::JS_URI_PATH = "/stock/js";
$self->generate_js($val_hash, 'my_form')
# would generate something like the following...
- <script src="/js/yaml_load.js"></script>
<script src="/stock/js/CGI/Ex/validate.js"></script>
... more js follows ...
Referencing yaml_load.js and validate.js can be done in any of
several ways. They can be copied to or symlinked to a fixed location
-in the servers html directory. They can also be printed out by a cgi.
+in the server's html directory. They can also be printed out by a cgi.
The method C<-E<gt>print_js> has been provided in CGI::Ex for printing
js files found in the perl hierarchy. See L<CGI::Ex> for more details.
The $JS_URI_PATH of "/cgi-bin/js" could contain the following:
use strict;
use CGI::Ex;
- ### path_info should contain something like /CGI/Ex/yaml_load.js
+ ### path_info should contain something like /CGI/Ex/validate.js
my $info = $ENV{PATH_INFO} || '';
die "Invalid path" if $info !~ m|^(/\w+)+.js$|;
$info =~ s|^/+||;
exit;
The print_js method in CGI::Ex is designed to cache the javascript in
-the browser (caching is suggested as they are medium sized files).
+the browser.
=item C<-E<gt>cgix>
-Returns a CGI::Ex object. Used internally.
+Returns a CGI::Ex object. Used internally if a CGI object is
+passed to validate rather than a straight form hash.
=back
=head1 VALIDATION HASH
-The validation hash may be passed as a perl a hashref or as a
-filename, or as a YAML document string. If it is a filename, it will
-be translated into a hash using the %EXT_HANDLER for the extension on
-the file. If there is no extension, it will use $DEFAULT_EXT as a
-default.
+The validation hash may be passed as a hashref or as a filename, or as
+a YAML document string. Experience has shown it to be better
+programming to pass in a hashref. If the validation "hash" is a
+filename or a YAML string, it will be translated into a hash using
+CGI::Ex::Conf.
-The validation "hash" may also be an arrayref of hashrefs. In this
-case, each arrayref is treated as a group and is validated separately.
-A group can have a validate_if function that allows for that
-particular group to apply only if certain conditions are met.
+Keys matching the regex m/^(general|group)\s+(\w+)$/ such as "group
+onevent" are reserved and are counted as GROUP OPTIONS. Other keys
+(if any, should be field names that need validation).
-=head1 GROUPS
+If the GROUP OPTION 'group validate_if' is set, the validation will
+only be validated if the conditions of the validate_if are met. If
+'group validate_if' is not specified, then the validation will
+proceed. See the validate_if VALIDATION type for more information.
-Each hashref that is passed as a validation hash is treated as a
-group. Keys matching the regex m/^group\s+(\w+)$/ are reserved and
-are counted as GROUP OPTIONS. Keys matching the regex m/^general\s+(\w+)$/
-are reserved and are counted as GENERAL OPTIONS. Other keys (if
-any, should be keys that need validation).
-
-If the GROUP OPTION 'group validate_if' is set, the group will only
-be validated if the conditions are met. Any group with out a validate_if
-fill be automatically validated.
-
-Each of the items listed in the group will be validated. The
+Each of the items listed in the validation will be validated. The
validation order is determined in one of three ways:
=over 4
=back
-Each of the individual field validation hashrefs should contain the
-types listed in VALIDATION TYPES.
-
Optionally the 'group fields' or the 'group order' may contain the
word 'OR' as a special keyword. If the item preceding 'OR' fails
validation the item after 'OR' will be tested instead. If the item
'group order' => [qw(zip OR postalcode state OR region)],
-Each individual validation hashref will operate on the field contained
+At this time, only "group onevent" submit works with this option. Using
+OR is deprecated. Instead you should use min_in_set or max_in_set.
+
+ 'zip' => {
+ max_in_set: '1 of zip, postalcode',
+ },
+ 'state' => {
+ max_in_set: '1 of state, region',
+ },
+
+Each individual field validation hashref will operate on the field contained
in the 'field' key. This key may also be a regular expression in the
form of 'm/somepattern/'. If a regular expression is used, all keys
-matching that pattern will be validated.
+matching that pattern will be validated. If the field key is
+not specified, the key from the top level hash will be used.
+
+ foobar => { # "foobar" is not used as key because field is specified
+ field => 'real_key_name',
+ required => 1,
+ },
+ real_key_name2 => {
+ required => 1,
+ },
+
+Each of the individual field validation hashrefs should contain the
+types listed in VALIDATION TYPES.
=head1 VALIDATION TYPES
This section lists the available validation types. Multiple instances
of the same type may be used for some validation types by adding a
-number to the type (ie match, match2, match232, match_94). Multiple
-instances are validated in sorted order. Types that allow multiple
-values are:
-
- compare
- custom
- equals
- match
- max_in_set
- min_in_set
- replace
- required_if
- sql
- type
- validate_if
+number to the type (ie match, match2, match232). Multiple instances
+are validated in sorted order. Types that allow multiple values are:
+compare, custom, custom_js, equals, enum, match, required_if, sql,
+type, validate_if, and replace (replace is a MODIFICATION TYPE).
=over 4
-=item C<validate_if>
+=item C<compare>
-If validate_if is specified, the field will only be validated
-if the conditions are met. Works in JS.
+Allows for custom comparisons. Available types are
+>, <, >=, <=, !=, ==, gt, lt, ge, le, ne, and eq. Comparisons
+also work in the JS.
- validate_if => {field => 'name', required => 1, max_len => 30}
- # Will only validate if the field "name" is present and is less than 30 chars.
+ {
+ field => 'my_number',
+ match => 'm/^\d+$/',
+ compare1 => '> 100',
+ compare2 => '< 255',
+ compare3 => '!= 150',
+ }
- validate_if => 'name',
- # SAME as
- validate_if => {field => 'name', required => 1},
+=item C<custom>
- validate_if => '! name',
- # SAME as
- validate_if => {field => 'name', max_in_set => '0 of name'},
+Custom value - not available in JS. Allows for extra programming types.
+May be either a boolean value predetermined before calling validate, or may be
+a coderef that will be called during validation. If coderef is called, it will
+be passed the field name, the form value for that name, and a reference to the
+field validation hash. If the custom type returns false the element fails
+validation and an error is added.
- validate_if => {field => 'country', compare => "eq US"},
- # only if country's value is equal to US
+ {
+ field => 'username',
+ custom => sub {
+ my ($key, $val, $type, $field_val_hash) = @_;
+ # do something here
+ return 0;
+ },
+ }
- validate_if => {field => 'country', compare => "ne US"},
- # if country doesn't equal US
+=item C<custom_js>
- validate_if => {field => 'password', match => 'm/^md5\([a-z0-9]{20}\)$/'},
- # if password looks like md5(12345678901234567890)
+Custom value - only available in JS. Allows for extra programming types.
+May be a javascript function (if fully declared in javascript), a string containing
+a javascript function (that will be eval'ed into a real function),
+a boolean value pre-determined before calling validate, or may be
+section of javascript that will be eval'ed (the last value of
+the eval'ed javascript will determine if validation passed). A false response indicates
+the value did not pass validation. A true response indicates that it did. See
+the samples/validate_js_0_tests.html page for a sample of usages.
{
- field => 'm/^(\w+)_pass/',
- validate_if => '$1_user',
- required => 1,
+ field => 'date',
+ required => 1,
+ match => 'm|^\d\d\d\d/\d\d/\d\d$|',
+ match_error => 'Please enter date in YYYY/MM/DD format',
+ custom_js => "function (args) {
+ var t=new Date();
+ var y=t.getYear()+1900;
+ var m=t.getMonth() + 1;
+ var d=t.getDate();
+ if (m<10) m = '0'+m;
+ if (d<10) d = '0'+d;
+ (args.value > ''+y+'/'+m+'/'+d) ? 1 : 0;
+ }",
+ custom_js_error => 'The date was not greater than today.',
}
- # will validate foo_pass only if foo_user was present.
-The validate_if may also contain an arrayref of validation items. So that
-multiple checks can be run. They will be run in order. validate_if will
-return true only if all options returned true.
-
- validate_if => ['email', 'phone', 'fax']
+=item C<enum>
-Optionally, if validate_if is an arrayref, it may contain the word
-'OR' as a special keyword. If the item preceding 'OR' fails validation
-the item after 'OR' will be tested instead. If the item preceding 'OR'
-passes validation the item after 'OR' will not be tested.
+Allows for checking whether an item matches a set of options. In perl
+the value may be passed as an arrayref. In the conf or in perl the
+value may be passed of the options joined with ||.
- validate_if => [qw(zip OR postalcode)],
+ {
+ field => 'password_type',
+ enum => 'plaintext||crypt||md5', # OR enum => [qw(plaintext crypt md5)],
+ }
-=item C<required_if>
+=item C<equals>
-Requires the form field if the condition is satisfied. The conditions
-available are the same as for validate_if. This is somewhat the same
-as saying:
+Allows for comparison of two form elements. Can have an optional !.
- validate_if => 'some_condition',
- required => 1
+ {
+ field => 'password',
+ equals => 'password_verify',
+ },
+ {
+ field => 'domain1',
+ equals => '!domain2', # make sure the fields are not the same
+ }
- required_if => 'some_condition',
+=item C<had_error>
-If a regex is used for the field name, the required_if
-field will have any match patterns swapped in.
+Typically used by a validate_if. Allows for checking if this item has had
+an error.
{
- field => 'm/^(\w+)_pass/',
- required_if => '$1_user',
+ field => 'alt_password',
+ validate_if => {field => 'password', had_error => 1},
}
-This example would require the "foobar_pass" field to be set
-if the "foobar_user" field was passed.
+This is basically the opposite of was_valid.
-=item C<required>
-
-Requires the form field to have some value. If the field is not present,
-no other checks will be run.
+=item C<match>
-=item C<min_values> and C<max_values>
+Allows for regular expression comparison. Multiple matches may
+be concatenated with ||. Available in JS.
-Allows for specifying the maximum number of form elements passed.
-max_values defaults to 1 (You must explicitly set it higher
-to allow more than one item by any given name).
+ {
+ field => 'my_ip',
+ match => 'm/^\d{1,3}(\.\d{1,3})3$/',
+ match_2 => '!/^0\./ || !/^192\./',
+ }
-=item C<min_in_set> and C<max_in_set>
+=item C<max_in_set> and C<min_in_set>
Somewhat like min_values and max_values except that you specify the
fields that participate in the count. Also - entries that are not
validate_if => {field => 'whatever', max_in_set => '0 of whatever'},
# only run validation if there were zero occurrences of whatever
-=item C<enum>
-
-Allows for checking whether an item matches a set of options. In perl
-the value may be passed as an arrayref. In the conf or in perl the
-value may be passed of the options joined with ||.
-
- {
- field => 'password_type',
- enum => 'plaintext||crypt||md5', # OR enum => [qw(plaintext crypt md5)],
- }
-
-=item C<equals>
-
-Allows for comparison of two form elements. Can have an optional !.
-
- {
- field => 'password',
- equals => 'password_verify',
- },
- {
- field => 'domain1',
- equals => '!domain2', # make sure the fields are not the same
- }
-
-=item C<min_len and max_len>
+=item C<max_len and min_len>
Allows for check on the length of fields
max_len => 100,
}
-=item C<match>
+=item C<max_values> and C<min_values>
-Allows for regular expression comparison. Multiple matches may
-be concatenated with ||. Available in JS.
+Allows for specifying the maximum number of form elements passed.
+max_values defaults to 1 (You must explicitly set it higher
+to allow more than one item by any given name).
- {
- field => 'my_ip',
- match => 'm/^\d{1,3}(\.\d{1,3})3$/',
- match_2 => '!/^0\./ || !/^192\./',
- }
+=item C<required>
-=item C<compare>
+Requires the form field to have some value. If the field is not present,
+no other checks will be run.
-Allows for custom comparisons. Available types are
->, <, >=, <=, !=, ==, gt, lt, ge, le, ne, and eq. Comparisons
-also work in the JS.
+=item C<required_if>
+
+Requires the form field if the condition is satisfied. The conditions
+available are the same as for validate_if. This is somewhat the same
+as saying:
+
+ validate_if => 'some_condition',
+ required => 1
+
+ required_if => 'some_condition',
+
+If a regex is used for the field name, the required_if
+field will have any match patterns swapped in.
{
- field => 'my_number',
- match => 'm/^\d+$/',
- compare1 => '> 100',
- compare2 => '< 255',
- compare3 => '!= 150',
+ field => 'm/^(\w+)_pass/',
+ required_if => '$1_user',
}
+This example would require the "foobar_pass" field to be set
+if the "foobar_user" field was passed.
+
=item C<sql>
SQL query based - not available in JS. The database handle will be looked
# sql_db_type => 'foo', # will look for a dbh under $self->{dbhs}->{foo}
}
-=item C<custom>
+=item C<type>
-Custom value - not available in JS. Allows for extra programming types.
-May be either a boolean value predetermined before calling validate, or may be
-a coderef that will be called during validation. If coderef is called, it will
-be passed the field name, the form value for that name, and a reference to the
-field validation hash. If the custom type returns false the element fails
-validation and an error is added.
+Allows for more strict type checking. Currently supported types
+include CC (credit card), EMAIL, DOMAIN, IP, URL. Other types will be
+added upon request provided we can add a perl and a javascript
+version.
{
- field => 'username',
- custom => sub {
- my ($key, $val, $type, $field_val_hash) = @_;
- # do something here
- return 0;
- },
+ field => 'credit_card',
+ type => 'CC',
}
-=item C<custom_js>
+=item C<validate_if>
-Custom value - only available in JS. Allows for extra programming types.
-May be either a boolean value pre-determined before calling validate, or may be
-section of javascript that will be eval'ed. The last value (return value) of
-the eval'ed javascript will determine if validation passed. A false value indicates
-the value did not pass validation. A true value indicates that it did. See
-the t/samples/js_validate_3.html page for a sample of usage.
+If validate_if is specified, the field will only be validated
+if the conditions are met. Works in JS.
+
+ validate_if => {field => 'name', required => 1, max_len => 30}
+ # Will only validate if the field "name" is present and is less than 30 chars.
+
+ validate_if => 'name',
+ # SAME as
+ validate_if => {field => 'name', required => 1},
+
+ validate_if => '! name',
+ # SAME as
+ validate_if => {field => 'name', max_in_set => '0 of name'},
+
+ validate_if => 'name was_valid',
+ # SAME as
+ validate_if => {field => 'name', was_valid => 1},
+
+ validate_if => {field => 'country', compare => "eq US"},
+ # only if country's value is equal to US
+
+ validate_if => {field => 'country', compare => "ne US"},
+ # if country doesn't equal US
+
+ validate_if => {field => 'password', match => 'm/^md5\([a-z0-9]{20}\)$/'},
+ # if password looks like md5(12345678901234567890)
{
- field => 'date',
- required => 1,
- match => 'm|^\d\d\d\d/\d\d/\d\d$|',
- match_error => 'Please enter date in YYYY/MM/DD format',
- custom_js => "
- var t=new Date();
- var y=t.getYear()+1900;
- var m=t.getMonth() + 1;
- var d=t.getDate();
- if (m<10) m = '0'+m;
- if (d<10) d = '0'+d;
- (value > ''+y+'/'+m+'/'+d) ? 1 : 0;
- ",
- custom_js_error => 'The date was not greater than today.',
+ field => 'm/^(\w+)_pass/',
+ validate_if => '$1_user',
+ required => 1,
}
+ # will validate foo_pass only if foo_user was present.
-=item C<type>
+The validate_if may also contain an arrayref of validation items. So that
+multiple checks can be run. They will be run in order. validate_if will
+return true only if all options returned true.
-Allows for more strict type checking. Currently supported types
-include CC (credit card). Other types will be added upon request provided
-we can add a perl and a javascript version.
+ validate_if => ['email', 'phone', 'fax']
+
+Optionally, if validate_if is an arrayref, it may contain the word
+'OR' as a special keyword. If the item preceding 'OR' fails validation
+the item after 'OR' will be tested instead. If the item preceding 'OR'
+passes validation the item after 'OR' will not be tested.
+
+ validate_if => [qw(zip OR postalcode)],
+
+=item C<was_valid>
+
+Typically used by a validate_if. Allows for checking if this item has successfully
+been validated.
{
- field => 'credit_card',
- type => 'CC',
+ field => 'password2',
+ validate_if => {field => 'password', was_valid => 1},
}
+This is basically the opposite of was_valid.
+
=back
=head1 SPECIAL VALIDATION TYPES
exclude_cgi => 1,
}
+=item C<vif_disable>
+
+Only functions in javascript. Will mark set the form element to
+disabled if validate_if fails. It will mark it as enabled if
+validate_if is successful. This item should normally only be used
+when onevent includes "change" or "blur".
+
=back
=head1 MODIFYING VALIDATION TYPES
{field => 'foo', do_not_trim => 1}
+=item C<trim_control_chars>
+
+Off by default. If set to true, removes characters in the
+\x00 to \x31 range (Tabs are translated to a single space).
+
+ {field => 'foo', trim_control_chars => 1}
+
=item C<replace>
Pass a swap pattern to change the actual value of the form.
This is for use in conjunction with perl's -T switch.
+=item C<clear_on_error>
+
+Clears the form field should a validation error occur. Only supported
+on the Javascript side (no affect on the server side).
+
=back
=head1 ERROR OBJECT
Returns an array or arrayref (depending on scalar context) of errors that
occurred in the order that they occurred. Individual groups may have a heading
and the entire validation will have a heading (the default heading can be changed
-via the 'as_array_title' general option). Each error that occurred is a separate
-item and are pre-pended with 'as_array_prefix' (which is a general option - default
+via the 'as_array_title' group option). Each error that occurred is a separate
+item and are pre-pended with 'as_array_prefix' (which is a group option - default
is ' '). The as_array_ options may also be set via a hashref passed to as_array.
as_array_title defaults to 'Please correct the following items:'.
=item C<as_hash>
Returns a hash or hashref (depending on scalar context) of errors that
-occurred. Each key is the field name of the form that failed validation with
-'as_hash_suffix' added on as a suffix. as_hash_suffix is available as a general option
-and may also be passed in via a hashref as the only argument to as_hash.
-The default value is '_error'. The values of the hash are arrayrefs of errors
-that occurred to that form element.
-
-By default as_hash will return the values of the hash as arrayrefs (a list of the errors
-that occurred to that key). It is possible to also return the values as strings.
-Three options are available for formatting: 'as_hash_header' which will be pre-pended
-onto the error string, 'as_hash_footer' which will be appended, and 'as_hash_join' which
-will be used to join the arrayref. The only argument required to force the
-stringification is 'as_hash_join'.
+occurred. Each key is the field name of the form that failed
+validation with 'as_hash_suffix' added on as a suffix. as_hash_suffix
+is available as a group option and may also be passed in via a
+hashref as the only argument to as_hash. The default value is
+'_error'. The values of the hash are arrayrefs of errors that
+occurred to that form element.
+
+By default as_hash will return the values of the hash as arrayrefs (a
+list of the errors that occurred to that key). It is possible to also
+return the values as strings. Three options are available for
+formatting: 'as_hash_header' which will be pre-pended onto the error
+string, 'as_hash_footer' which will be appended, and 'as_hash_join'
+which will be used to join the arrayref. The only argument required
+to force the stringification is 'as_hash_join'.
### if this returns the following
my $hash = $err_obj->as_hash;
=head1 GROUP OPTIONS
-Any key in a validation hash matching the pattern m/^group\s+(\w+)$/
-is considered a group option. The current know options are:
+Any key in a validation hash matching the pattern
+m/^(group|general)\s+(\w+)$/ is considered a group option (the reason
+that either group or general may be used is that CGI::Ex::Validate
+used to have the concept of validation groups - these were not
+commonly used so support has been deprecated as of the 2.10 release).
+Group options will also be looked for in the Validate object ($self)
+and can be set when instantiating the object ($self->{raise_error} is
+equivalent to $valhash->{'group raise_error'}).
+
+Options may also be set globally before calling validate by
+populating the %DEFAULT_OPTIONS global hash. However, only the options
+set properly in the $valhash will be passed to the javascript.
=over 4
-=item C<'group title'>
+=item C<title>
Used as a group section heading when as_array or as_string is called
by the error object.
-=item C<'group order'>
+ 'group title' => 'Title of errors',
-Order in which to validate key/value pairs of group.
+=item C<order>
-=item C<'group fields'>
-
-Arrayref of validation items to validate.
-
-=item C<'group validate_if'>
-
-Conditions that will be checked to see if the group should be validated.
-If no validate_if option is found, the group will be validated.
-
-=back
+Order in which to validate key/value pairs of group.
-=head1 GENERAL OPTIONS
+ 'group order' => [qw(user pass email OR phone)],
-Any key in a validation hash matching the pattern m/^general\s+(\w+)$/
-is considered a general option. General options will also be looked
-for in the Validate object ($self) and can be set when instantiating
-the object ($self->{raise_error} is equivalent to
-$valhash->{'general raise_error'}). The current know options are:
+=item C<fields>
-General options may be set in any group using the syntax:
+Arrayref of validation items to validate.
- 'general general_option_name' => 'general_option_value'
+ 'group fields' => [{
+ field => 'field1',
+ required => 1,
+ }, {
+ field => 'field2',
+ required => 1,
+ }],
-They will only be set if the group's validate_if is successful or
-if the group does not have a validate_if. It is also possible to set
-a "group general" option using the following syntax:
+=item C<validate_if>
- 'group general_option_name' => 'general_option_value'
+If specified - the entire hashref will only be validated if
+the "if" conditions are met.
-These items will only be set if the group fails validation.
-If a group has a validate_if block and passes validation, the group
-items will not be used. This is so that a failed section can have
-its own settings. Note though that the last option found will be
-used and that items set in $self override those set in the validation
-hash.
+ 'group validate_if => {field => 'email', required => 1},
-Options may also be set globally before calling validate by
-populating the %DEFAULT_OPTIONS global hash.
+This group would only validate all fields if the email field
+was present.
-=over 4
-
-=item C<'general raise_error'>
+=item C<raise_error>
If raise_error is true, any call to validate that fails validation
will die with an error object as the value.
-=item C<'general no_extra_fields'>
+=item C<no_extra_fields>
If no_extra_fields is true, validate will add errors for any field found
in form that does not have a field_val hashref in the validation hash.
in a validate_if or required_if statement will not be included. You must
have an explicit entry for each key.
-=item C<'general \w+_error'>
+=item C<\w+_error>
These items allow for an override of the default errors.
- 'general required_error' => '$name is really required',
- 'general max_len_error' => '$name must be shorter than $value characters',
+ 'group required_error' => '$name is really required',
+ 'group max_len_error' => '$name must be shorter than $value characters',
# OR #
my $self = CGI::Ex::Validate->new({
max_len_error => '$name must be shorter than $value characters',
});
-=item C<'general as_array_title'>
+=item C<as_array_title>
Used as the section title for all errors that occur, when as_array
or as_string is called by the error object.
-=item C<'general as_array_prefix'>
+=item C<as_array_prefix>
Used as prefix to individual errors that occur, when as_array
or as_string is called by the error object. Each individual error
will be prefixed with this string. Headings will not be prefixed.
Default is ' '.
-=item C<'general as_string_join'>
+=item C<as_string_join>
When as_string is called, the values from as_array will be joined with
as_string_join. Default value is "\n".
-=item C<'general as_string_header'>
+=item C<as_string_header>
If set, will be pre-pended onto the string when as_string is called.
-=item C<'general as_string_footer'>
+=item C<as_string_footer>
If set, will be pre-pended onto the string when as_string is called.
-=item C<'general as_hash_suffix'>
+=item C<as_hash_suffix>
Added on to key names during the call to as_hash. Default is '_error'.
-=item C<'general as_hash_join'>
+=item C<as_hash_join>
By default, as_hash will return hashref values that are errors joined with
the default as_hash_join value of <br />. It can also return values that are
arrayrefs of the errors. This can be done by setting as_hash_join to a non-true value
(for example '')
-=item C<'general as_hash_header'>
+=item C<as_hash_header>
If as_hash_join has been set to a true value, as_hash_header may be set to
a string that will be pre-pended on to the error string.
-=item C<'general as_hash_footer'>
+=item C<as_hash_footer>
If as_hash_join has been set to a true value, as_hash_footer may be set to
a string that will be postpended on to the error string.
-=item C<'general no_inline'>
+=item C<onevent>
+
+Defaults to {submit => 1}. This controls when the javascript validation
+will take place. May be passed any or all or load, submit, change, or blur.
+Multiple events may be passed in the hash.
+
+ 'group onevent' => {submit => 1, change => 1}',
+
+A comma separated string of types may also be passed:
+
+ 'group onevent' => 'submit,change,blur,load',
+
+Currently, change and blur will not work for dynamically matched
+field names such as 'm/\w+/'. Support will be added.
+
+=item C<set_hook>
+
+Defaults document.validate_set_hook which defaults to nothing. If
+"group set_hook" or document.validate_set_hook are set to a function,
+they will be passed the key name of a form element that had a
+validation error and the error that will be set. If a true value is
+returned, then validate will not also the inline error. If no value
+or false is returned (default) the validate will continue setting the
+inline error. This gives full control over setting inline
+errors. samples/validate_js_2_onchange.html has a good example of
+using these hooks.
-If set to true, the javascript validation will not attempt to generate inline
-errors. Default is true. Inline errors are independent of confirm and alert
-errors.
+ 'group set_hook' => "function (args) {
+ alert("Setting error to field "+args.key);
+ }",
-=item C<'general no_confirm'>
+The args parameter includes key, value, val_hash, and form.
-If set to true, the javascript validation will try to use an alert instead
-of a confirm to inform the user of errors. Alert and confirm are independent
+The document.validate_set_hook option is probably the better option to use,
+as it helps to separate display functionality out into your html templates
+rather than storing too much html logic in your CGI.
+
+=item C<clear_hook>
+
+Similar to set_hook, but called when inline error is cleared. Its
+corresponding default is document.validate_clear_hook. The clear hook
+is also sampled in samples/validate_js_2_onchange.html
+
+ 'group clear_hook' => "function (args) {
+ alert("Clear error on field "+args.key);
+ }",
+
+The args parameter includes key, val_hash, form, and was_valid.
+
+=item C<no_inline>
+
+If set to true, the javascript validation will not attempt to generate
+inline errors when the only "group onevent" type is "submit". Default
+is true. Inline errors are independent of confirm and alert errors.
+
+ 'group no_inline' => 1,
+
+=item C<no_confirm>
+
+If set to true, the javascript validation will try to use an alert
+instead of a confirm to inform the user of errors when one of the
+"group onevent" types is "submit". Alert and confirm are independent
or inline errors. Default is false.
-=item C<'general no_alert'>
+ 'group no_confirm' => 1,
+
+=item C<no_alert>
If set to true, the javascript validation will not show an alert box
when errors occur. Default is false. This option only comes into
-play if no_confirm is also set. This option is independent of inline
-errors. Although it is possible to turn off all errors by setting
-no_inline, no_confirm, and no_alert all to 1, it is suggested that at
-least one of the error reporting facilities is left on.
+play if no_confirm is also set. This option is only in effect if
+"group onevent" includes "submit". This option is independent of
+inline errors. Although it is possible to turn off all errors by
+setting no_inline, no_confirm, and no_alert all to 1, it is suggested
+that at least one of the error reporting facilities is left on.
-=back
-
-It is possible to have a group that contains nothing but general options.
+ 'group no_alert' => 1,
- my $val_hash = [
- {'general error_title' => 'The following things went wrong',
- 'general error_prefix' => ' - ',
- 'general raise_error' => 1,
- 'general name_suffix' => '_foo_error',
- 'general required_error' => '$name is required',
- },
- {'group title' => 'User Information',
- username => {required => 1},
- email => {required => 1},
- password => {required => 1},
- },
- ];
+=back
=head1 JAVASCRIPT
client side as on the server side. Errors can be shown in any
combination of inline and confirm, inline and alert, inline only,
confirm only, alert only, and none. These combinations are controlled
-by the general options no_inline, no_confirm, and no_alert.
+by the group options no_inline, no_confirm, and no_alert.
Javascript validation can be generated for a page using the
C<-E<gt>generate_js> Method of CGI::Ex::Validate. It is also possible
to store the validation inline with the html. This can be done by
All inline html validation must be written in yaml.
-It is anticipated that the html will contain something like either of the
+It is anticipated that the html will contain something like one of the
following examples:
+ <script src="/cgi-bin/js/CGI/Ex/validate.js"></script>
+ <script>
+ document.validation = {
+ 'group no_confirm': 1,
+ 'group no_alert': 1,
+ 'group onevent': 'change,blur,submit',
+ 'group order': ['username', 'password'],
+ username: {
+ required: 1,
+ max_len: 20
+ },
+ password: {
+ required: 1,
+ max_len: 30
+ }
+ };
+ if (document.check_form) document.check_form('my_form_name');
+ </script>
+
+Prior to the realization of JSON, YAML was part of the method
+for introducing validation into the script.
+
<script src="/cgi-bin/js/CGI/Ex/yaml_load.js"></script>
<script src="/cgi-bin/js/CGI/Ex/validate.js"></script>
<script>
if (document.check_form) document.check_form('my_form_name');
</script>
-Alternately we can use element attributes:
+Alternately, CGI/Ex/validate.js can parse the YAML from html
+form element attributes:
<form name="my_form_name">
if (document.check_form) document.check_form('my_form_name');
</script>
-The read_handler_html from CGI::Ex::Conf will find either of these
-types of validation.
+The read_handler_html from CGI::Ex::Conf will find the YAML types
+of validation. The JSON type is what would be generated by default
+when the validation is specified in Perl.
-If inline errors are asked for, each error that occurs will attempt
+If inline errors are enabled (default), each error that occurs will attempt
to find an html element with its name as the id. For example, if
the field "username" failed validation and created a "username_error",
the javascript would set the html of <span id="username_error"></span>
If the javascript fails for some reason, the form should still be able
to submit as normal (fail gracefully).
-If the confirm option is used, the errors will be displayed to the user.
-If they choose OK they will be able to try and fix the errors. If they
-choose cancel, the form will submit anyway and will rely on the server
-to do the validation. This is for fail safety to make sure that if the
-javascript didn't validate correctly, the user can still submit the data.
+Additionally, there are two hooks that are called when ever an inline
+error is set or cleared. The following hooks are used in
+samples/validate_js_2_onchange.html to highlight the row and set an icon.
+
+ document.validate_set_hook = function (args) {
+ document.getElementById(args.key+'_img').innerHTML
+ = '<span style="font-weight:bold;color:red">!</span>';
+ document.getElementById(args.key+'_row').style.background
+ = '#ffdddd';
+ };
+
+ document.validate_clear_hook = function (args) {
+ if (args.was_valid) {
+ document.getElementById(args.key+'_img').innerHTML
+ = '<span style="font-weight:bold;color:green">+</span>';
+ document.getElementById(args.key+'_row').style.background
+ = '#ddffdd';
+ } else {
+ document.getElementById(args.key+'_img').innerHTML = '';
+ document.getElementById(args.key+'_row').style.background = '#fff';
+ }
+ };
+
+These hooks can also be set as "group clear_hook" and "group set_hook"
+which are defined further above.
+
+If the confirm option is used ("group onevent" includes submit and
+"group no_confirm" is false), the errors will be displayed to the
+user. If they choose OK they will be able to try and fix the errors.
+If they choose cancel, the form will submit anyway and will rely on
+the server to do the validation. This is for fail safety to make sure
+that if the javascript didn't validate correctly, the user can still
+submit the data.
=head1 THANKS
Thanks to Eamon Daly for providing bug fixes for bugs in validate.js
caused by HTML::Prototype.
-=head1 AUTHOR
-
-Paul Seamons
-
=head1 LICENSE
This module may be distributed under the same terms as Perl itself.
-=cut
+=head1 AUTHOR
+Paul Seamons <paul at seamons dot com>
+=cut
projects / chaz / p5-CGI-Ex / blobdiff