Important : Mandatory fields accepting space as input ! ! ! !

by Ravishankar Somasundaram -
Number of replies: 37
Dear Moodlers,

I am using Moodle 1.9.4. It's shocking, and it keeps me wondering how this could happen, when I see the fact that mandatory fields accept space as input.

To pinpoint this I created an entry in the tracker, and I am very sad to say that no steps have been taken on this issue till now.

It's a major flaw from a UI, usability point of view.

Vote or comment on this issue; you can find the tracker entry here
In reply to Ravishankar Somasundaram

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Joseph Rézeau -
On the contrary, I think it's a good thing, preserving the freedom of the end-user to enter a blank answer if they wish to do so.
In reply to Joseph Rézeau

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Barry Oosthuizen -
I agree, I use a space if I don't want to display both name and surname for front page forum posts e.g. company name
In reply to Joseph Rézeau

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
Hold on, if a field's mandatory, then it's been decided that we WANT to prevent the user leaving it blank if they wish, surely?

If your point of view is the commonly held one, then it's a bigger problem with the UI where fields have been marked as mandatory where they aren't. Either way, Ravishankar has highlighted an important issue.
Average of ratings: Useful (2)
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

You are right Mark if we want to prevent entering plain spaces which is a different thing than leaving field blank...

Mandatory field does not mean that the user can't use space or any other characters, it just means that the user must fill something into that field.

A good practice is to set rules that we want to give for validation of input but it may be difficult to know what kind of data is acceptable.

How do we suggest valid input and how do we help users to stay within proper input limits? How do we define proper input?

For example a user may call himself "Aaaaaaaaa Bbbbbbbbb" or "foiwefwefoih iv9oiqu90" that is not any better than simple "Stan _" where _ indicates space.

I agree with Joseph here but you and Ravishankar are also right when you say that this can be a usability problem for some sites that require exact data - and very hard to control.

If we for example don't allow spaces we prevent names like "Pippilotta Delicatessa Windowshade Mackrelmint Ephraim's Daughter Longstocking"

If we prevent one space, the user can use two spaces instead - or some other meaningless character...

In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
To me, a sensible validation rule for a name would require at least 1 alpha character, no numbers, and limited punctuation (spaces, hyphens, apostrophes - anything else?).

However, I imagine (I haven't gone too deeply into the form API yet) that Moodle simply checks that a "required" field isn't empty, so any additional rules would need to be applied on a per-field basis, depending on what they are meant to contain - you can't really specify "name" as a data type.
Average of ratings: Useful (1)
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

For western names yes but all names are not using ASCII characters - and some cultures use only one name - see for example

http://en.wikipedia.org/wiki/Indonesian_name#Example_1:_Single_word_name

If we limit names to characters from a to z we Finns can't use letters like å, ä or ö - not to mention Chinese or Arabic letters...

Average of ratings: Useful (1)
In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
Sorry, bad wording on my part. I meant "alpha" to mean "in any alphabet."
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

And western cultures also have numbers in names like John W. Saunders, 3rd - in Asian cultures they are more common - see for example http://en.wikipedia.org/wiki/Jennifer_8._Lee

Stripping spaces strips spaces but the world is full of cases that break any western validation rules for names.

Old example

In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Frank Ralf -
formslib (http://xref.moodle.org/nav.html?lib/pear/HTML/QuickForm/Rule/Required.php.html) only does a string comparison and checks for empty strings. It should instead use a regex checking for any whitespace or even better use PHP's character type (CTYPE) checking capabilities (http://us3.php.net/manual/en/book.ctype.php).

formslib provides an addRule() function for adding a validation rule to a given field (http://xref.moodle.org/nav.html?lib/formslib.php.source.html#l1112 ).

hth
Frank

In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Martín Langhoff -
Instead of a long thread... this needs a patch :)

Two places to attack with a trim() call, both within MoodleForms:

- the JS validation
- the PHP validation
Average of ratings: Useful (1)
In reply to Martín Langhoff

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

Trim should strip most common whitespaces including the ordinary space (ASCII 32) from the beginning or end of characters

Then we have many different html entities left like

&nbsp; = &#160; = non-breaking space

or

&shy; = &#173; = soft hyphen

or

&lrm; = &#8206; = left-to-right mark

that make clicking links just as difficult as ordinary space.

In reply to Martín Langhoff

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
I've uploaded a patch to the tracker...
In reply to Martín Langhoff

Re: Important : Mandatory fields accepting space as input ! ! ! !

by sam marshall -
Unfortunately a trim call is not sufficient because mandatory fields can sometimes be the type that accept HTML rather than just plain text.

The HTML editor often puts in tags when something is empty. So when considering emptiness, you need to remove tags as well, i.e. if it only has <p> and <br> tags and whitespace and no text then it's empty. I also found it was necessary to remove &nbsp; entities. This may depend slightly on the editor in use (HTMLArea or TinyMCE).

Here is JavaScript code that I used in a different area with a slightly different purpose (I was using it to disable a submit button in a specific case, not a general fix).

// Get rid of tags and nbsp as literal or entity, then trim
var mungevalue = form.message.value
    .replace(/<.*?>/g, '')                                    // strip every tag
    .replace(/&(nbsp|#160|#xa0);/g, '')                       // nbsp written as an entity
    .replace(new RegExp(String.fromCharCode(160), 'g'), ' ')  // literal nbsp character
    .replace(/\s+/g, ' ')                                     // collapse every whitespace run
    .trim();

(Obviously, if mungevalue is empty, then you would give the error about the required field.)

Note that this code is a bit aggressive - it replaces all tags, which would mean you couldn't do things like have an html field that was only an image. This is probably not appropriate for general use - the first regular expression needs changing so that it only gets rid of <br> and <p> probably.

--sam
In reply to sam marshall

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
Having a think about tags - Here are the ones that I can think of as "non-empty", i.e. they might define content in themselves, even if they don't enclose any text. We should be OK removing any except for these:
<img>
<object>
<embed>
<hr>

For example, if we removed tags in the following examples:
1. <p><br /></p>
2. <p>Some text</p>
3. <img src="image.jpg" />
1 would be seen as empty, and it only contains 'whitespace' tags, which is fine.
2 wouldn't be seen as empty, as it contains "Some Text"
3 would be seen as empty, but it's not - it displays an image

It wouldn't be too hard to write a regex to remove all tags with a few exclusions - are there any more that we should exclude?
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by sam marshall -
Image, object, embed, applet at least, maybe some new ones.

I think it might be safer to do it the other way around though (only remove 'known unnecessary' tags such as <p>, <br>) - these are tags the editor puts in when it's blank. It will always be possible for users to put something stupid in mandatory fields, like even something that isn't blank, just a '.', so it's more important to not break anything people might legitimately do than it is to catch every possible case where people might have left something empty.

(Yes, I am saying this in direct contradiction to the code I posted and am using...)

--sam
In reply to sam marshall

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
Ok, after a little experimentation in the editor, here's the tags that it can add while still producing "blank" output:
div
span
p
sup
sub
br
h1
h2
h3
h4
h5
h6
address
pre

I agree that it's more sensible to do it this way. If no one beats me to it before tomorrow, I'll update my patch to strip those tags, and non-printing html entities.
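The approach agreed in the two posts above (strip only the tags the editor emits around blank output, leave content tags such as <img> alone) can be sketched as follows. This is an added example, not code from any participant, from Moodle's formslib or from the MDL-19907 patch; the function names and the sample submission are hypothetical.

```javascript
// Added illustration; not Moodle's formslib code or the MDL-19907 patch.
// Tags the editor can emit around "blank" output (the list in the post above).
const BLANK_TAGS = ['div', 'span', 'p', 'sup', 'sub', 'br', 'h1', 'h2', 'h3',
                    'h4', 'h5', 'h6', 'address', 'pre'];

// Opening, closing and self-closing forms of those tags only, with or
// without attributes. The name must be followed by whitespace, "/" or ">",
// so <p> matches but <param> does not.
const BLANK_TAG_RE = new RegExp(
  '<\\/?(?:' + BLANK_TAGS.join('|') + ')(?:\\s[^<>]*)?\\/?>', 'gi');

// &nbsp; written as a named, decimal or hexadecimal entity.
const NBSP_ENTITY_RE = /&(?:nbsp|#0*160|#x0*a0);/gi;

// True when an HTML-editor value has no content once editor padding is gone.
// <img>, <object>, <embed>, <hr>, <applet> are never stripped, so a field
// holding only an image still counts as filled in.
function isBlankHtml(html) {
  return String(html)
    .replace(BLANK_TAG_RE, '')
    .replace(NBSP_ENTITY_RE, ' ')
    .trim()                       // trim() also removes a literal U+00A0
    .length === 0;
}

// Names of the required fields whose submitted value is blank.
function missingRequired(required, submitted) {
  return required.filter((name) => isBlankHtml(submitted[name] ?? ''));
}

// Constructed sample submission (hypothetical field names, not real data).
const SAMPLE = {
  summary: '<p><br /></p>',
  intro: '<p>Some text</p>',
  banner: '<img src="image.jpg" />',
  notes: '<span class="background:red"> </span>',
  footer: '<div>&nbsp;</div>',
};

console.log(missingRequired(Object.keys(SAMPLE), SAMPLE));
```

The same rule has to run on the server as well as in the browser, since the JS check is skipped when JavaScript is disabled.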

In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
And when I say "tomorrow", I mean when I'm back at work after the bank holiday weekend ;)
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
I've uploaded an updated version of the patch to the tracker. It strips the tags listed above, but not HTML entities - see my tracker comment for reasoning. Testing/comments/improvements welcome as always!
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

Thanks for those patches, Mark!

First name, Surname, City or Course names are normal text fields - they are not using HTMLArea - so it is very simple to use for example

First name: &nbsp;
Surname: &nbsp;

to get "invisible name"...

But like Peter said in tracker "No matter how hard we try there will always be ways to sneak in something invisible"

Normal space is the most common space found on all (at least) western keyboards so I suppose this patch should be good enough for 99.9% of cases. If people want to hide themselves they can start using the next thinnest possible unicode characters (other spaces etc) and tiniest html entities that can be copied and pasted into these text fields, and that cat-and-mouse game will never end.

In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
The mention of western keyboards does raise another thought, as people have previously mentioned the use of non-breaking spaces and BOMs in other languages - are there keyboards in some countries that allow you to type these whitespace characters without a non-whitespace character? Any examples would be appreciated.
In reply to Mark Johnson

Important : Mandatory fields accepting space as input ! ! ! !

by Ravishankar Somasundaram -
Dear Mark Johnson,

Yes, unicode format keyboards, AGENCY supports U+00A0 to put a space,

but these are rare scenarios. I appreciate the work on the patch, will have a look into it now :)



In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

I'm not sure Mark but virtual keyboards like

http://debugger.ru/demo/projects/virtualkeyboard/demo_inline.html

allow us to test different keyboards and copy the content to moodle if we want.

I don't think we need to make that patch any wider - it's good to take normal spaces away but that should be enough - and if some users add BOMs or some non typical (ASCII 32) spaces administrators can send those "space users" to some other part of the world... or Universe :D

In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

One example about simple way to add any type of spaces without keyboard is to visit http://rishida.net/scripts/uniview/ and type to Search text field "Space"

Next you can click all the spaces you get after the search (textarea under Font) and copy them to text fields in moodle. You can even check that you got what you wanted with http://rishida.net/scripts/uniview/conversion.php?origin=codepoint&codepoints=00A0 that can be viewed at the same time as Uniview.

HTMLArea most likely changes spaces like

             ​  ⁠

or ⁠ ‚            ​  ⁠

to normal spaces - let's see if this happens here...but normal input fields leave unicode characters (different spaces) and html entities unchanged.

In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

I added there some spaces:

&#8288;&#32;&#130;&#32;&#8192;&#8193;&#8194;&#8195;&#8196;&#8197;&#8198;&#8199;&#8200;&#8201;&#8202;&#8203;&#8239;&#8287;&#8288;

and html entities were changed to unicode characters but not changed to "normal spaces".

I will test this once more so that I save those spaces in text mode (not in edit mode):

⁠ ‚            ​  ⁠

and finally I edit my post after changing from user profile "When editing text - Use standard web forms":
her we go- ⁠ ‚            ​  ⁠ - and here spaces end.

In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
I did perform similar tests - the only case I found where you can "get around" it is if you switch to raw HTML, put the entity in, and submit the form without switching back to WYSIWYG mode. However, I agree with you that the scope of the bug is to prevent people accidentally leaving the field blank, and the patch as it is serves that purpose.
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

Well I did not test all possible input cases but those mandatory fields that we were originally talking about never use the editor - they are normal text input fields, not textareas... and if we use the editor for some textareas people may have for example Opera, Chrome or Safari and they will never see the actual editor in moodle (before moodle 2.0 and tinymce) - old poor HTMLArea renders only a textarea for those browsers.

Or if javascript is disabled in IE or FF...

These kinds of stories never end if we keep searching for a perfect patch for this kind of case - in my opinion your patch is sufficient for most cases and a big thank you for that... ;)

I think I have commented on this issue too much already, time to move on - thanks! :D

In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Ravishankar Somasundaram -
Dear Mark Johnson,

The patch uploaded with the name of MDL-19907_2.patch has some errors

when imported using patch -pl it says patch: **** strip count l is not a number

In reply to Ravishankar Somasundaram

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mark Johnson -
Hmm I generated the patch using git diff - does it work if you remove the first 2 lines of the patch file (as they refer to git revisions)?
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Ravishankar Somasundaram -
Dear Mark,
I didn't try that, I manually edited the files and made the changes.

Dear Hubert,

thank you for indicating.
In reply to Ravishankar Somasundaram

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Hubert Chathi -
You should be using "patch -p1" instead of "patch -pl" (that is, the character after "-p" is the number one, and not the letter ell)
In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Frank Ralf -
http://en.wikipedia.org/wiki/Whitespace_(computer_science) lists the Unicode codepoints which are regarded as whitespace, among others:

U+180E MONGOLIAN VOWEL SEPARATOR

On current Windows systems you can enable most living languages together with their respective keyboard layouts so you could test for yourself ;)

On-screen keyboards are also available in Windows.

BTW Has anyone tried using the PHP Ctype function (http://us3.php.net/manual/en/function.ctype-space.php )? If it respects the system's locale it should catch most whitespace characters the user could input.

Cheers,
Frank
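For the plain text inputs discussed in this thread (first name, surname, course full name), a blank check has to look past ASCII 32 to the Unicode spaces and zero-width characters mentioned above. The following is an added example, not code from the thread or from Moodle; the function names and sample values are hypothetical, and it uses JavaScript's Unicode property escapes rather than PHP's ctype functions.

```javascript
// Added illustration; not Moodle code. For plain text inputs, not the editor.
// White_Space covers U+0020, U+00A0, U+2000..U+200A, U+202F, U+205F, U+3000...
// Cf (format) covers characters that draw nothing by themselves: U+00AD soft
// hyphen, U+180E, U+200B, U+200E left-to-right mark, U+2060, U+FEFF (BOM).
const INVISIBLE_RE = /[\p{White_Space}\p{Cf}]/gu;

// Entities named in the thread; a Map avoids Object.prototype lookups.
const NAMED = new Map([['nbsp', 0xA0], ['shy', 0xAD], ['lrm', 0x200E]]);

// Turn &#NNN;, &#xHH; and the named entities above into their characters.
function decodeEntities(text) {
  return text.replace(/&(?:#(\d+)|#x([0-9a-f]+)|([a-z]+));/gi,
    (whole, dec, hex, name) => {
      const cp = dec ? parseInt(dec, 10)
               : hex ? parseInt(hex, 16)
               : NAMED.get(name);
      // Unknown names and out-of-range numbers stay as literal text.
      return cp === undefined || cp > 0x10FFFF ? whole : String.fromCodePoint(cp);
    });
}

// Use this to decide "is the field blank?", not to rewrite the stored value:
// some Cf characters (zero width joiner / non-joiner) are needed inside
// legitimate names in several scripts.
// decode: set it when the field is later printed as HTML without escaping,
// so a typed "&nbsp;" would render as an invisible character.
function hasVisibleText(value, { decode = false } = {}) {
  const text = decode ? decodeEntities(String(value)) : String(value);
  return text.replace(INVISIBLE_RE, '').length > 0;
}

// Code points that made up the invisible part, for an error message or a log.
function invisibleCodePoints(value) {
  return Array.from(String(value).matchAll(INVISIBLE_RE), (m) =>
    'U+' + m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Constructed sample values (not real user data).
const SAMPLES = [' ', '\u00A0', '\u2060\u2000\u200B\u180E', 'Stan ', 'å', '&nbsp;'];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), hasVisibleText(s, { decode: true }),
    invisibleCodePoints(decodeEntities(s)).join(' '));
}
```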



In reply to Mark Johnson

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

In fact most western keyboards allow us to type (almost) any unicode characters.

As an alternative method read for example http://en.wikipedia.org/wiki/Non-breaking_space#Keyboard_entry_methods

For example for Windows users alt key provides an alternative way to enter unicode characters:

- Enable NUM LOCK.
- Hold Alt key.
- While holding Alt key type Alt Code on Num Key Pad (numbers on right side of keyboard).
- Release alt key.

So typing Alt+0160 here:

 

should produce a non-breaking space. It worked without a trouble...

But seriously we don't need to prevent all whitespaces or even spaces or other thin characters or html entities or html tags or keyboard shortcuts or alt keys. We can set that limit to normal spaces. As soon as we have prevented all possible ways we know some new method, character, browser feature etc pops up...

In reply to Mauno Korpelainen

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -
Testing once more 5 non-breaking spaces typed without editor between a and b typed with ALT key:

a     b

In previous test HTMLArea did change non-breaking space to normal space.
In reply to sam marshall

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

Yes Sam, it's true - I tried for example adding

<span class="background:red"></span> or

<span class="background:red"> </span>

to course names and current moodle allows us to add those html tags that cause a similar effect as empty field or space.

In reply to Joseph Rézeau

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Ravishankar Somasundaram -
Thanks for seconding me Mark Johnson,

Dear Joseph,

If it's a field where mandatory inputs are expected from the user, and if they are able to give spaces as input and skip it, don't you think there's a flaw in the system by itself?

Dear Mauno,

For example a user may call himself "Aaaaaaaaa Bbbbbbbbb" or "foiwefwefoih iv9oiqu90" that is not any better than simple "Stan _" where _ indicates space.


It is OK that Stan_ is given as input where _ indicates space, but the problem is that the system accepts _ for first and last name in the user profile, and for fullname in the course name, where _ is a space.

For more reference you can see the screenshots I have attached in the tracker with the bug description.


How do we suggest valid input and how do we help users to stay within proper input limits? How do we define proper input?

We can chomp off the first character if it's a space and check whether any of the following characters are valid (not spaces). If yes, we can take that as a valid name; if no (the input has only one character which is a space, or a series of characters which are spaces), we can display an error message saying give a proper name.


And if you think this is not a serious bug that I have reported, think about it: if the course fullnames have space as input, then when the list of courses appears in a page this course displays its shortname at the right end, but the fullname of the course, which is supposed to be printed at the left end and which is a hyperlink (the only way a user can enter the course), is not printed. (For proof or reference of what I am talking about, see the other screenshot that I have attached in the tracker, which shows the course list page.)



In reply to Ravishankar Somasundaram

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Mauno Korpelainen -

I think you are right that this is a bug because links should have some visible character so that it is possible to click them.

So name "space space" should not be allowed but for example "Stan" could be ok - and the same way course names should have some visible characters instead of plain space.

So even if creating a validation rule for all possible cases may be impossible it is possible to add some simple rules like changing space to _ for links.

It's just not one space - http://en.wikipedia.org/wiki/Space_(punctuation)#Table_of_spaces 

In reply to Joseph Rézeau

Re: Important : Mandatory fields accepting space as input ! ! ! !

by Joseph Rézeau -
Of course that was provocation on my part. Thanks for your responses. I just wanted to make the point that mandatory fields should be really necessary. And yes, Ravishankar, that's a bug. :$