This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
It seems that Form actions do not respect any routes that have been set?
I have a controller with a form and the way the user would access it is products/add
But the logic it's self is actually on a different controller e.g. AdminProduct_Controller.
That controller is whats passed through into the Form which is why that action then becomes AdminProduct_Controller/add. Is there a way around this without creating custom forms?
Should it not find any routes set that match?
Hi Mediabeast,
This is not the standard way you would work with forms and controllers in silverstripe (usually you post to a method on the same controller as the form is loaded).
I am assuming when you say form actions you mean the html action attribute on the form, not the actions you create via new FormAction()?
If so, by default the html action is set using the Link method on the controller, if you want to change this then you can use the setFormAction() method. For example:
class ProductController extends ContentController {
...
public function Form() {
$form = Form::create($this, $fields, $actions)
->setFormAction(Controller::join_links(BASE_URL, "route", "formaction"));
}
...
}BASE_URL is a constant available in Silverstripe
"route" is the path you have specified to your controller
"formaction" is the action name of the Form on your other controller. Be aware that you have to post a form to a Form, the form itself doesn't directly post to the action that processes it, I am not sure why, I am guessing the form is then able to control what data is sent to the action that processes it, which is better for security?
Hope that makes sense?
Mo
Hi Mo,
Thanks for your reply.
So does the way you suggest have less security?
It does seem to work using your example which is great but just want to make sure I'm not losing out on any built in security functions.
My code:
public function add(){
return $this->renderWith(array("Product_add", "Page"));
}
public function addProductForm(){
$categories = ProductCategory::getAllCategories();
$fields = new FieldList(
TextField::create("Title", "Title")->setAttribute("placeholder", "Product Title"),
TextareaField::create("Content", "Product Description")->setAttribute("placeholder", "Product Description")
);
$actions = new FieldList(
FormAction::create("doAddProduct")->setTitle("Create Product")->addExtraClass("button")
);
$required = new RequiredFields('Title');
$form = Form::create($this, 'addProductForm', $fields, $actions, $required)->setFormAction(Controller::join_links(BASE_URL, "products", "addProductForm"));;
return $form;
}
public function doAddProduct($data, Form $form) {}That seems to work with the correct routing. Is this the SilverStripe way to do this?
Hi Mediabeast,
If you are posting to the form on the other controler, I am not aware that you will be reducing security.
The only factor that would reduce security would be using disableSecurityToken on your form, which helps ensure that the data posted is from the form (to help stop cross scripting attacks, etc), but it doesn't look like you are disabling the security token, so you should be fine :-)
Mo
