[web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Ray (a.k.a. Iceberg)
Hi community, I'm working with web2py, again. :-) It took me hours today to realize validate_and_insert(field1=value1, field3=value3, ...) only works for the fields appears, but not for those absent. Is this a expected behavior or is it considered a bug? See example. # -*- coding: utf-8 -*-

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Vinicius Assef
I think this is expected, because the field.requires property exists to be executed in forms and validate_and_insert() only simulates this behaviour. On Thu, Jun 27, 2013 at 7:30 AM, Ray (a.k.a. Iceberg) iceb...@qq.com wrote: Hi community, I'm working with web2py, again. :-) It took me hours

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Ray (a.k.a. Iceberg)
Thanks for trying to help. But sorry I don't understand how your theory can explain why the 2nd case in my example works and 3rd case didn't. On Thursday, June 27, 2013 7:45:48 PM UTC+8, viniciusban wrote: I think this is expected, because the field.requires property exists to be executed in

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Anthony
On Thursday, June 27, 2013 8:39:23 AM UTC-4, Ray (a.k.a. Iceberg) wrote: Thanks for trying to help. But sorry I don't understand how your theory can explain why the 2nd case in my example works and 3rd case didn't. The second case is equivalent to a form including both fields but the user

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Ray (a.k.a. Iceberg)
On Thursday, June 27, 2013 8:52:14 PM UTC+8, Anthony wrote: On Thursday, June 27, 2013 8:39:23 AM UTC-4, Ray (a.k.a. Iceberg) wrote: Thanks for trying to help. But sorry I don't understand how your theory can explain why the 2nd case in my example works and 3rd case didn't. The second

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Vinicius Assef
That's the security part of using forms: Web2py doesn't count on what is coming in the request to make a form and validate. It counts on your field definitions in form creation time. That's why we have the fields argument in SQLFORM and in SQLFORM.factory. When no field is explicitly passed, all

Re: [web2py] validate_and_insert() doesn't work for absent field

2013-06-27 Thread Anthony
That makes sense. Thanks. And then it raises another concern: when in the normal form situation, is it possible a user forges an http post without several field, in order to bypass the IS_NOT_EMPTY() or whatever validator? Is this a security vulnerability? No, because the forged post