IBX-9895: Escaped forward slash in the RestExecutedView visitor
#181
Conversation
github-actions
bot
assigned
alongosz,
Steveb-p and
tischsoic and unassigned
alongosz and
tischsoic
ezrobot
requested review from
Steveb-p,
ViniTou,
adamwojs,
alongosz,
ciastektk,
mikadamczyk and
wiewiurdp
and removed request for
a team
| curl -L "https://raw.githubusercontent.com/ibexa/ci-scripts/main/bin/${{ env.version }}/prepare_project_edition.sh" > prepare_project_edition.sh | ||
| chmod +x prepare_project_edition.sh | ||
| ./prepare_project_edition.sh ${{ env.PROJECT_EDITION }} ${{ env.version }} ${{ env.SETUP }} | ||
| ./prepare_project_edition.sh ${{ env.PROJECT_EDITION }} ${{ env.version }} ${{ env.SETUP }} ghcr.io/ibexa/docker/php:7.4-node18 |
barw4
force-pushed
the
ibx-9895-forward-slash-rest-view-escape
branch
from
81e00f4 to
21e4dbc
Compare
|
I'm on the fence on this. Technically |
|
@Steveb-p It's a valid character indeed, therefore I'm not removing it in frontend or from search query, the issue is only with the path not being able to be generated due to "/" being exclusively forbidden by Symfony. What other options do we have? |
|
Do you have a stacktrace or specific piece of code that prevents this character during URL generation process? |
Agree, but why cant we just encode it with something like |
That would be my follow up, if it's possible to decode it in all places where this is used. But that depends on complexity. |
|
The stacktrace is: and by default Symfony in routes requires the following regex: |
|
@Steveb-p @ViniTou you would see it url-encoded in the parser then (https://github.com/ibexa/rest/blob/main/src/lib/Server/Input/Parser/ViewInputOneDotOne.php#L38)? But where would we decode it then? We cannot decode it in Visitor because of the URL problem, the only remaining place when it's used is the response itself. So are we encoding it only for URL generation and decoding when crafting a controller response? |
|
Your PR addresses the "generating" side of things, while it is perfectly acceptable to use this as part of REST API directly, which means we cannot really perform encoding/decoding - as this would break current usage (in certain cases). Is it possible to relax the requirements on the parameter? From what I see this already depends on |
|
Yes, it's possible, I've tested it yesterday and allowing "/" in |
As long as this parameter is only part of REST input (json/xml) or optional query parameter (past Adding |
|
@Steveb-p okay, so does the current solution make sense? |
|
ibexa.rest.views.load.results:
path: /views/{viewId}/resultsSo the parameter is actually part of the string 😖 That means there is actually a high likelihood that this particular route will not work properly with |
|
Well, the case is, it's not used anywhere 😄 : public function loadViewResults()
{
return new NotImplementedException('ezpublish_rest.controller.content:loadViewResults');
} |
|
@barw4 one thing I don't get from the ticket is what is the exact request that causes this HTTP 500 error. |
|
@alongosz it's the views one: ibexa.rest.views.create:
path: /views
defaults:
_controller: Ibexa\Rest\Server\Controller\Views:createView
methods: [POST] |
|
@barw4 I'm interested in the specific HTTP request that causes the error on the attached screenshot (it's hidden there). |
|
It's the views one:) locally as I'm checkouted on my branch it doesn't fail, but in JIRA ticket it's the one that fails
|
|
Closed in favor of #181 |
5 participants
Description:
To be honest I'm not sure if this is the right call. By design, Symfony won't allow
/in routes unless it is allowed to do so in requirements but I can't see us altering the view routes. On the other hand in my opinion we shouldn't strip this in frontend call so this leaves us only with this solution?For QA:
Documentation: