Hi Laurent, While I don't have the answer to your question specifically, I know that Zend_Form used to validate before filtering like you are suggesting. But that was modified per this discussion:
http://www.nabble.com/Zend_Form_Element-validation-bug-tt15589810s16154.html As a side note, I've done something very similar to the use case you describe, and didn't run into this problem. The only difference I had was that the filter converts the given date to a Zend_Date instance. Which then runs through Zend_Validate_Date and it's has been working fine. Think I got lucky there and I've even noticed it :) Back to the discussion linked above, in one post I can tell that Matthew acknowledged the important of a pre/postFilter. Best Regards, - Amr On Sat, Mar 8, 2008 at 11:26 AM, Laurent Melmoux <[EMAIL PROTECTED]> wrote: > Hi Matthew and every body, > > First a use case: > > On an i18n application the user can chose is preferred date format for > display and input. > Let's say 'dd/MM/YYYY'. > I n the backend I will need a validator to validate the date format and > a filter to convert the date to a Mysql format 'YYYY-MM-dd'. > > But here the validation against 'dd/MM/YYYY' won't work because the date > will be filtered before validation. Well, an easy work around will be to > validate against the 'YYYY-MM-dd' format but it sound not very clean and > I could not use an error message saying the right format to use. > > So I'm wondering if data should be filtered prior to validation. Is > there some security concern? > While I see some advantage to filter data, like removing white space, > before it is validated. It looks better to me to run it after the > validation and let know the user that is input is wrong. Then filter > data for formatting and security. > > Best Regards, > > -- > Laurent Melmoux > Annecy, France > > >
