Making custom form to update Express Entry, unsure how to properly use Concrete CMS input validation

One of the things I’m working on is creating a Block Template with a custom Form to edit/update an existing Express Entry. I am going down this avenue as I don’t want these particular users to do so via the Dashboard as that breaks the branded UX and other such things.

Making the form I should be able to handle. However, I was hoping to leverage existing Concrete CMS Validation methods to prevent bad-injection and other such things, and I’m really not finding examples of such things. I also really have not found any examples of alternative methods for “nice ways” for users to edit/update existing Express Entries.

For example, I am unsure how to correctly (with the Concrete CMS API capabilities) validate a URL input. I’m sure I could use a PHP-centric method, but it seems like a good idea to use a Concrete CMS API method instead as that aspect is likely to get updated over time if CVE/security issues become identified.

Anyways, if anyone has any documentation I may have somehow missed, existing examples they can link me to or show, or any other thoughts, I’d appreciate it! Thanks! :slight_smile:

I use some of these validation methods for block add/edit inputs. Not much to write home to mom about. There’s an email method in there, but it’s deprecated. Definitely watching this thread, as I have basically the same question(s) :slight_smile:

https://documentation.concretecms.org/api/9.1.1/Concrete/Core/Utility/Service/Validation.html


Example of my use case within block controller validate():

```php
$error = $this->app->make('helper/validation/error');
$vs = $this->app->make('helper/validation/strings');

if (!$vs->notempty($args['filterNameValue'])) {
	$error->add(t('Text String Required For \'Page Name\' Text Filter.'));
}
```

I’m not entirely seeing how I can tailor that to specific validations matching different Express Attribute types… am I missing something obvious? :thinking:

Also, does this method require being in the controller? I’m really hoping to keep this within a view.php of a Block Template.

I’m certain this could be done in your template. I’m just calling the validation class and using its methods. What I’m noting here is the same lack of validation methods you describe. For urls, emails etc… I’m also unaware of any additional documentation of such.


Ohhh! See I just assumed I was maybe looking in the wrong place, or looking at aspects “the wrong way” or something. Like, Express Forms (that you can place as a block on a page) do the Validation of such things (so far as I know? including URLs and others?), so that’s where my head was. Surely that same validation could be repurposed for a very similar, but different, use-case. No? :thinking:

I just don’t really know how Express Forms do such validation.

Email validation was just moved to a separate validator class, so you can use it like:

```php
$this->app->make(\Concrete\Core\Validator\String\EmailValidator::class)->isValid($email)
```

There is no such thing for urls, I guess? Need to do regex validation by yourself right now.


You can’t really put validation in the view, since usually you want to redirect after successful validation (and at this point in the view file you would get a “headers were already sent” error).

If you are using those self-generating forms from Express, then all of the basic stuff is already covered (like CSRF token validation etc.).
You need to add your own custom validation logic (add routine) to it:

The standard Express validator runs through the attributes in the form and checks if there is a validate method in each attribute controller. I don’t think the url attribute has any validation logic in it. Only the built-in HTML validation of the input is used, no backend processing.
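
Added example, not part of the original thread and not Concrete CMS code: one way to do the backend URL check that the replies say the Express url attribute lacks, using only PHP built-ins. `validateSubmittedUrl()` is a hypothetical helper and the sample inputs are constructed; the assumption is that it is called from the controller action handling the POST, after the CSRF token check, with a message added to the error list when it returns null.

```php
<?php
// Hypothetical helper (not a Concrete CMS API): returns the URL if it is safe
// to store on an Express entry, or null if it must be rejected.
function validateSubmittedUrl(string $raw, array $allowedSchemes = ['http', 'https']): ?string
{
    $url = trim($raw);

    // Reject empty or over-long input and anything carrying whitespace/control bytes.
    if ($url === '' || strlen($url) > 2048 || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }

    // FILTER_VALIDATE_URL checks syntax only; it does not restrict the scheme,
    // so the components are inspected separately below.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }

    // Scheme allowlist: keeps javascript:, data:, ftp: etc. out of stored values
    // that may later be rendered as links.
    if (!in_array(strtolower($parts['scheme']), $allowedSchemes, true)) {
        return null;
    }

    // No embedded credentials (user:pass@host), which can disguise the real host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }

    return $url;
}

// Constructed sample inputs, for illustration only.
$samples = [
    'https://www.example.com/profile?id=7',
    'javascript://example.com/%0Aalert(1)',
    'ftp://example.com/file',
    'https://user:secret@example.com/',
    'not a url',
];
foreach ($samples as $s) {
    printf("%-40s %s\n", $s, validateSubmittedUrl($s) === null ? 'rejected' : 'accepted');
}
```

Validation on input does not replace escaping on output: the stored value still needs HTML-escaping when the template prints it into an `href`.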