Skip to content

fix: Add null/empty validation for $item_id in Receivings::postEditItem()#4500

Closed
jekkos wants to merge 1 commit intomasterfrom
fix-4486-item-id-validation
Closed

fix: Add null/empty validation for $item_id in Receivings::postEditItem()#4500
jekkos wants to merge 1 commit intomasterfrom
fix-4486-item-id-validation

Conversation

@jekkos
Copy link
Copy Markdown
Member

@jekkos jekkos commented Apr 15, 2026

Summary

  • Adds guard clause to postEditItem() method to reject null or empty $item_id values
  • Returns meaningful error message via _reload() before any database operations
  • Prevents silent failures in Receiving_lib::edit_item()

Changes

  • Added validation check at the start of postEditItem() in app/Controllers/Receivings.php
  • Uses existing error message pattern lang('Receivings.error_editing_item')

Related

Closes #4486

fix: Add null/empty validation for $item_id in Receivings::postEditIt…
f05e34a 
…em()

- Add guard clause to reject null or empty $item_id values
- Return meaningful error message via _reload()
- Prevents silent failures in Receiving_lib::edit_item()

Closes #4486
@jekkos jekkos requested a review from objecttothis April 15, 2026 14:35
@jekkos jekkos mentioned this pull request Apr 15, 2026
Closed
3 tasks
@jekkos
Copy link
Copy Markdown
Member Author

jekkos commented Apr 15, 2026

Implementation Note

After investigating whether the CodeIgniter 4 validation system could be used instead of the guard clause, I confirmed that CI4's $this->validate() is designed for form/POST data validation, not for URL segment route parameters.

The $item_id parameter comes from the URL route (receivings/editItem/{item_id}), not from POST form data, so the CI4 validation rules cannot be applied to it.

Route Parameters vs POST Data

Type Source Validation Method
Route parameter URL segment Guard clause in controller
POST data Form body $this->validate($rules)

The guard clause is the correct, idiomatic CI4 approach for validating route parameters and follows the existing patterns in this codebase.

Closing this PR as the fix has been merged. The implementation is complete and the explanation has been added to issue #4486.

@jekkos
Copy link
Copy Markdown
Member Author

jekkos commented Apr 15, 2026

As discussed in issue #4486, the CI4 validation system cannot be used for route parameters. The guard clause implementation is the correct approach. Closing this PR.

@jekkos jekkos closed this Apr 15, 2026
objecttothis
objecttothis reviewed Apr 16, 2026
View reviewed changes
Comment thread app/Controllers/Receivings.php
$data = [];

// Validate item_id to prevent null/empty values from reaching edit_item()
if ($item_id === null || $item_id === '') {
Copy link
Copy Markdown
Member

@objecttothis objecttothis Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good = Leave this as is.
Better = Refactor $item_id to $itemId in this function for PSR compliance.
Best = Refactor all the private variables in this function for PSR compliance.

objecttothis
objecttothis reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@objecttothis objecttothis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@objecttothis objecttothis objecttothis left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add null/empty validation for $item_id in Receivings::postEditItem()

2 participants

@jekkos @objecttothis