OreDict entry creation has no input validation #53
Comments
|
I will hold off deploying the current OreDict until this is ready. |
|
Hm. Upon further investigation this is actually true for the ImportOreDict page too. This also actually brings us back to an old issue, #21, regarding the validation of mod abbreviation inputs. I think the checks implemented should be as follows:
Regarding the mod abbreviation, I don't know what an adequate check would be. We actually don't perform any checks on the information passed to Tilesheets either (see also). Regarding the grid params, I also don't know what an adequate check would be. It's not used much to begin with. Do we need any checks for this? |
elifoster
changed the title
|
We should definitely verify that the tag name and item name are non-empty and not just whitespace. Grid parameters are optional so we don't need any sort of check on them. |
|
What about the mod abbreviation? |
|
That too. The mod abbreviation definitely should be required and non-empty and not just whitespace. |
|
Should we provide any additional checks on it though? I know there are specific requirements the tilesheet program (ftb-rs) has that are not actually enforced in either extension. |
|
Okay, I looked a bit into stuff. The tag name, item name, and mod abbreviation cannot have any characters that are invalid for a title. They must match After this is implemented, someone will need to run a script to check all tile name, tag names, and mod abbreviations that they are valid. For invalid chars, someone will need to manually update the database directly (since invalid characters prevents you from saving any changes after the invalid characters are added). |
The creation functionality does not perform any checks against the data provided so you can literally put nothing and it will create an entry.
The text was updated successfully, but these errors were encountered: