Commit 90fde03

docs: update docs
1 parent bb365c2 commit 90fde03

3 files changed

+23
-11
lines changed

user_guide_src/source/installation/upgrade_430.rst

Lines changed: 2 additions & 0 deletions
@@ -262,6 +262,8 @@ Config
262262
- app/Config/Security.php
263263
- Changed the value of the property ``$redirect`` to ``false`` to prevent redirection when a CSRF
264264
check fails. This is to make it easier to recognize that it is a CSRF error.
265+
- app/Config/Validation.php
266+
- The default Validation Rules have been changed to Strict Rules for better security. See :ref:`validation-traditional-and-strict-rules`.
265267

266268
All Changes
267269
===========
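
Review bot: The new app/Config/Validation.php entry (new lines 265-266) says the default changed but not what an upgrading project has to do or what may behave differently. State whether a project that keeps its existing app/Config/Validation.php stays on Traditional Rules until it updates ``$ruleSets``, and mention that non-string input which used to pass through implicit string conversion may now fail under Strict Rules. Also confirm that the ``validation-traditional-and-strict-rules`` label is defined in validation.rst, since no hunk in this commit shows it.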

user_guide_src/source/libraries/validation.rst

Lines changed: 17 additions & 7 deletions
@@ -201,10 +201,17 @@ Config for Validation
201201
Traditional and Strict Rules
202202
============================
203203

204-
CI4 has two kinds of Validation rule classes.
205-
The default rule classes (**Traditional Rules**) have the namespace ``CodeIgniter\Validation``,
204+
CodeIgniter 4 has two kinds of Validation rule classes.
205+
The traditional rule classes (**Traditional Rules**) have the namespace ``CodeIgniter\Validation``,
206206
and the new classes (**Strict Rules**) have ``CodeIgniter\Validation\StrictRules``, which provide strict validation.
207207

208+
.. note:: Since v4.3.0, **Strict Rules** are used by default for better security.
209+
210+
Traditional Rules
211+
-----------------
212+
213+
.. warning:: When validating data that contains non-string values, such as JSON data, it is recommended to use **Strict Rules**.
214+
208215
The **Traditional Rules** implicitly assume that string values are validated,
209216
and the input value may be converted implicitly to a string value.
210217
It works for most basic cases like validating POST data.
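
Review bot: The added ``.. note::`` at new line 208 says Strict Rules are the default since v4.3.0 but not where that default is set, so a reader cannot tell whether an upgraded project is affected. Name app/Config/Validation.php in the note, as the upgrade guide entry does. The ``.. warning::`` at new line 213 now comes before the paragraph that explains implicit string conversion; it would read better after that explanation, where the reader knows why non-string values are a problem.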
@@ -213,14 +220,17 @@ However, for example, if you use JSON input data, it may be a type of bool/null/
213220
When you validate the boolean ``true``, it is converted to string ``'1'`` with the Traditional rule classes.
214221
If you validate it with the ``integer`` rule, ``'1'`` passes the validation.
215222

216-
The **Strict Rules** don't use implicit type conversion.
223+
Strict Rules
224+
------------
217225

218-
.. warning:: When validating data that contains non-string values, such as JSON data, it is recommended to use **Strict Rules**.
226+
.. versionadded:: 4.2.0
227+
228+
The **Strict Rules** don't use implicit type conversion.
219229

220-
Using Strict Rules
221-
------------------
230+
Using Traditional Rules
231+
-----------------------
222232

223-
If you want to use these rules, you need to change the rule classes in **app/Config/Validation.php**:
233+
If you want to use traditional rules, you need to change the rule classes in **app/Config/Validation.php**:
224234

225235
.. literalinclude:: validation/003.php
226236
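
Review bot: The renamed "Using Traditional Rules" section (new lines 230-233) documents how to switch away from the default that the note above justifies with "better security", and gives no caution at that point. Repeat or cross-reference the non-string-data warning here so that a reader who lands directly on this heading sees it, and write **Traditional Rules** in the bold, capitalised form used elsewhere in the file. The new "Strict Rules" section at lines 223-228 is left with a single sentence; a short counterpart to the boolean ``true`` example would show what the strict behaviour is.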

user_guide_src/source/libraries/validation/003.php

Lines changed: 4 additions & 4 deletions
@@ -5,10 +5,10 @@
55
class Validation
66
{
77
public $ruleSets = [
8-
\CodeIgniter\Validation\StrictRules\CreditCardRules::class,
9-
\CodeIgniter\Validation\StrictRules\FileRules::class,
10-
\CodeIgniter\Validation\StrictRules\FormatRules::class,
11-
\CodeIgniter\Validation\StrictRules\Rules::class,
8+
\CodeIgniter\Validation\CreditCardRules::class,
9+
\CodeIgniter\Validation\FileRules::class,
10+
\CodeIgniter\Validation\FormatRules::class,
11+
\CodeIgniter\Validation\Rules::class,
1212
];
1313

1414
// ...
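
Review bot: With lines 8-11 switched to the ``CodeIgniter\Validation`` classes, this commit leaves the guide without any listing of the ``StrictRules`` classes, so a project upgrading with an older config has nothing to copy from. Keep a Strict Rules listing (a second include file, for example) for the upgrade path, and add a comment above ``$ruleSets`` in 003.php stating that this list is the opt-out to Traditional Rules.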
