I do have $profileForm->bind($this->request->getPost(), $profileForm);
, how else can I validate the input?
You can validate input this way:
$profileForm->isValid($this->request->getPost())
If form is valid assign values from Post straight to Profile's model instance, no need to bind values to form. On the other hand, I agree that bind post and do clear() is more comfy, and it seem not working as expected, sorry I don't know why.
Good idea, thank you! However, it didn't fix the problem. The fields' default values still get ignored and the posted ones get loaded. I've re-tested with all the clear(), setAttributes() and setDefault() functions. They just get ignored and these two end up outputting different tokens:
{{ form.render('csrf', ['value': security.getSessionToken()]) }}
Got: {{ form.get('csrf').getValue() }} <br>
Expected: {{ security.getSessionToken() }} <br>
Result:
<input id="csrf" name="csrf" value="THc3M2pqUm52WFgranduSkUyWlh4Zz09" type="hidden">
Got: THc3M2pqUm52WFgranduSkUyWlh4Zz09
Expected: ZFduTmkyejJzY3VsWHRCUnZIUE9IZz09
I believe this is a bug in Phalcon 3.
Edit:
I've tested it by removing the whole form's code from controller apart from the initialization and forwarding to the view, then I restored and tested line by line to see when will the posted values start to show up despite the clear. I discovered that the form elements start ignoring the setDefault, setAttributes and clear methods only if binding or validation is executed:
// Either of these will prevent the wanted value to show up
$profileForm->bind($this->request->getPost(), $profileForm);
$profileForm->isValid($this->request->getPost());