After version 5.3.1 form arrays are mangled
Upgrading to any version beyond 5.3.1 causes the req.body keys containing form arrays to become mangled into [object Object]. This affects not only the custom() validator; it also affects the value of req.body in the actual route handler for the request.
Example POST form data to express js endpoint:
name: some+name
alias: some+alias
param_data[id]: 12345
param_data[network_id]: 74634ae21
Console output using express-validator@5.3.1
req.body inside custom() {name: 'some name',
alias: 'some alias',
param_data: { id: '12345', network_id: '74634ae21' } }
req.body inside route { name: 'some name',
alias: 'some alias',
param_data: { id: '12345', network_id: '74634ae21' } }
Console output using express-validator@6.0.0 thru express-validator@6.2.0
req.body inside custom() { name: 'some name',
alias: 'some alias',
param_data: '[object Object]' }
req.body inside route { name: 'some name',
alias: 'some alias',
param_data: '[object Object]' }
Tested this in every version directly from 6.0.0 to 6.2.0 with the same results as above.
npm list --depth=0
proj@1.0.0 /path/to/proj
├── @babel/cli@7.6.2
├── @babel/core@7.6.2
├── @babel/node@7.6.2
├── @babel/plugin-transform-runtime@7.6.2
├── @babel/polyfill@7.6.0
├── @babel/preset-env@7.6.2
├── @babel/register@7.6.2
├── @babel/runtime@7.6.2
├── @babel/runtime-corejs2@7.6.2
├── aws-sdk@2.535.0
├── babelify@9.0.0
├── bluebird@3.5.5
├── body-parser@1.19.0
├── bootstrap@4.3.1
├── browserify@16.5.0
├── busboy@0.3.1
├── compression@1.7.4
├── config@1.31.0
├── connect-flash@0.1.1
├── connect-redis@3.4.2
├── cookie-parser@1.4.4
├── core-js@2.6.9
├── csurf@1.10.0
├── csv-express@1.2.2
├── debug@2.6.9
├── del@3.0.0
├── do-wrapper@3.25.3
├── es6-promise@4.2.8
├── express@4.17.1
├── express-session@1.16.2
├── express-validator@5.3.1
├── fast-csv@3.4.0
├── handlebars@4.1.2
├── intersection-observer@0.5.1
├── jquery@3.4.1
├── mdi@2.2.43
├── moment@2.24.0
├── mongoose@5.7.1
├── mongoose-bcrypt@1.6.0
├── mongoose-plugin-autoinc@1.1.9
├── mongoose-unique-validator@2.0.3
├── morgan@1.9.1
├── nanoid@1.3.4
├── node-sass@4.12.0
├── node-schedule@1.3.2
├── nopt@4.0.1
├── passport@0.4.0
├── passport-local@1.0.0
├── permission@1.1.0
├── popper.js@1.15.0
├── saslprep@1.0.3
├── serve-favicon@2.4.5
├── tmp@0.0.33
├── twig@0.10.3
├── uglify-js@3.6.0
├── underscore@1.9.1
├── url-search-params@1.1.0
└── yargs@11.1.0
Issue Analytics
- State:
- Created 4 years ago
- Comments: 5 (2 by maintainers)
Top GitHub Comments
What happens is that before v6, non-string values wouldn't be sanitised, which was a major security breach; thus, now they are converted to string before being sanitised.
If you expect it to be an object, you should validate it like so.
Sorry for the delay - you should be able to use wildcards to do this. E.g.
check('param_data.*').trim()
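
The behaviour described in the comments above, as a plain-JavaScript model added here (it is not express-validator's code and not code from the issue thread). The function names and the padded id in the sample body are constructed for illustration.

```javascript
// Added illustration: a simplified model of the behaviour described in the
// comments above. It is NOT express-validator's source code.

const trim = (s) => s.trim();

// Before v6 (as described): non-string values skipped the sanitizer entirely.
function sanitizeLegacy(value, sanitizer) {
  return typeof value === 'string' ? sanitizer(value) : value;
}

// From v6 (as described): the value is converted to a string first.
function sanitizeCoercing(value, sanitizer) {
  return sanitizer(String(value));
}

// Wildcard-style selection ('param_data.*'): sanitize each child of the
// parent field, so the parent keeps its object shape.
function sanitizeWildcard(body, field, sanitizer) {
  const parent = body[field];
  if (parent === null || typeof parent !== 'object') return body;
  const cleaned = Array.isArray(parent) ? [] : {};
  for (const key of Object.keys(parent)) {
    cleaned[key] = sanitizeCoercing(parent[key], sanitizer);
  }
  return { ...body, [field]: cleaned };
}

// Constructed sample modelled on the form data in the issue; the padding
// around the id is added so the effect of trim() is visible.
function sampleBody() {
  return {
    name: 'some name',
    alias: 'some alias',
    param_data: { id: '  12345 ', network_id: '74634ae21' },
  };
}

function demo() {
  const body = sampleBody();
  return {
    legacy: sanitizeLegacy(body.param_data, trim),     // object, id still padded
    coerced: sanitizeCoercing(body.param_data, trim),  // '[object Object]'
    wildcard: sanitizeWildcard(body, 'param_data', trim).param_data,
  };
}

console.log(demo());
```

In this model the legacy path returns the nested object untouched, so the padded id reaches the route handler unsanitized, while the per-child path trims each leaf and keeps param_data an object.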