Fixes to form validation process

Fixes hardening measure introduced in #23716
joomla · Dec 22, 2023 · c246730 · c246730
1 parent 3265efa
commit c246730
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/libraries/src/Form/Form.php b/libraries/src/Form/Form.php
@@ -182,9 +182,9 @@ protected function bindLevel($group, $data)
     }
 
     /**
-     * Return all errors, if any.
+     * Return Exceptions thrown during the form validation process.
      *
-     * @return  \Exception[]  Array of error messages or RuntimeException objects.
+     * @return  \Exception[]
      *
      * @since   1.7.0
      */
@@ -1055,8 +1055,8 @@ public function filter($data, $group = null)
     /**
      * Method to validate form data.
      *
-     * Validation warnings will be pushed into JForm::errors and should be
-     * retrieved with JForm::getErrors() when validate returns boolean false.
+     * Validation warnings will be pushed into Form::$errors and should be
+     * retrieved with Form::getErrors() when validate returns boolean false.
      *
      * @param   array   $data   An array of field values to validate.
      * @param   string  $group  The optional dot-separated form group path on which to filter the
@@ -1134,6 +1134,7 @@ public function validate($data, $group = null)
                 // The field returned false from setup and shouldn't be included in the page body - yet we received
                 // a value for it. This is probably some sort of injection attack and should be rejected
                 $this->errors[] = new \RuntimeException(Text::sprintf('JLIB_FORM_VALIDATE_FIELD_INVALID', $key));
+                $return         = false;
             }
         }