Task #47669
FormViewHelper does not define the default request method
| Status: | New | Start date: | 2013-04-28 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| Has patch: | No |
Description
Currently, the default value for the FormViewHelper attribute "method" is NULL, resulting in the output form attribute value "post". This could possibly lead to strange behaviour in the code when checking for the method attribute value (NULL will actually evaluate to TRUE for both checking if method !== 'get' and method !== 'post') and also contradicts the HTML specification for forms, which sets the default method to "get":
see http://www.w3.org/TR/html401/interact/forms.html#h-17.3 and http://www.whatwg.org/specs/web-apps/current-work/multipage/association-of-controls-and-forms.html#attr-fs-method
This is a concern especially since the CSRF change, which only appends the token on non-GET method and validating the output in the Viewhelpertest package.
I hence suggest setting the default value for the method attribute to 'get' - or if a breaking change is to be avoided at least set it do 'post'.