Fix regression that not allow to use a custom filter with subform field

[Fedik]

Summary of Changes

Fix regression that not allow to use a custom filter with subform field, was introduced by one of previous update.

Testing Instructions

Apply patch, create a subform field , somwhere in CustomHTML module, with custom filter:

<field name="test_fields" type="subform" label="test_fields" 
filter="FooBar::filterTest" multiple="true" min="1">
  <form>
    <field name="test_field" type="text" label="TESTFIELD1"/>
  </form>
</field>

Add custom filter class, somwhere in bottom of plugins/system/debug/debug.php:

class FooBar
{
	static function filterTest($value)
	{
		JFactory::getApplication()
		 ->enqueueMessage('Filter works: ' . json_encode($value));
		return $value;
	}
}

Then create a Custom module in backed, and try save it.
Look for the message you got

Expected result

You should get 2 message:
Filter works: {"test_fields0":{"test_field":""}}
and
Module saved

Actual result

You get 1 message
Module saved
that means the custom filter was ignored

[viocassel]

I have tested this item ✅ successfully on da9a1bb

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/27561.}

[jwaisner]

I have tested this item ✅ successfully on da9a1bb

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/27561.}

[Quy]

RTC

---

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/27561.}

[wilsonge]

@joomla/security please review this as this addressed a specific vulnerability in the past

[zero-24]

What is the intention of this change? We might should check whether this is an array right?

[SharkyKZ]

It can be an array or an object.

[Fedik]

What is the intention of this change

if there a no value you will get an php notice while foreach(null as $key => $val)

[wilsonge]

OK then let's do is_array here and can we add a comment just explaining it covers an optional subform field

[SharkyKZ]

Would probably need is_array() and is_object() in that case. This check also needs to be nested to avoid issues. See #27671.

[Fedik]

it does not make much sense, because if you see whole condition, it still will be validated

joomla-cms/libraries/src/Form/Form.php

Lines 2158 to 2176 in da9a1bb

	if ($field->multiple && $value)
	{
	foreach ($value as $key => $val)
	{
	$val = (array) $val;
	$valid = $subForm->validate($val);
	if ($valid === false)
	{
	break;
	}
	}
	}
	else
	{
	$valid = $subForm->validate($value);
	}

filter already have the same conditions

joomla-cms/libraries/src/Form/Form.php

Lines 1567 to 1579 in da9a1bb

	if ($field->multiple && !empty($value))
	{
	$return = array();
	foreach ($value as $key => $val)
	{
	$return[$key] = $subForm->filter($val);
	}
	}
	else
	{
	$return = $subForm->filter($value);
	}

[wilsonge]

The entire concept of validating an empty value seems weird to me :)

[Fedik]

yeah, but that what we have ;)

[SharkyKZ]

It won't be validated if you follow #27671. Apply same changes to filter.

[zero-24]

@joel-lupfer @SniperSister Any additional input here?

[richard67]

@joel-lupfer @SniperSister Any additional input here?

[SniperSister]

@richard67 fine for me!