Bug #25801
Request arguments should never contain objects
100%
Description
__referrer[arguments] hidden field gets huge which poses 3 major issues:
- you'll have to transfer a lot of unnecessary data
- the URI for redirects will grow to a point where the browser dies
- if an object is not serializable, you get serialization errors
Thus RoutePartHandler must not return objects. Instead they should return simple types/arrays understandable by the PropertyMapper (or a dedicated ObjectConverter)
Discuss: Should this be enforced in the routing process?
Related issues
Updated by Bastian Waidelich over 10 years ago
Note: We currently also add objects to the Request in ActionController::forward(). To make sure, we only have simple types in the request we could convert objects to identity arrays in Request::setArgument().
See Route::convertDomainObjectsToIdentityArrays()
Updated by Bastian Waidelich over 10 years ago
- Status changed from New to Accepted
- Assignee set to Bastian Waidelich
Updated by Mr. Hudson over 10 years ago
Patch set 1 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
Updated by Mr. Hudson over 10 years ago
Patch set 2 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
Updated by Mr. Hudson over 10 years ago
Patch set 3 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
Updated by Mr. Hudson over 10 years ago
Patch set 4 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
Updated by Bastian Waidelich over 10 years ago
- Status changed from Accepted to Resolved
- % Done changed from 0 to 100
Applied in changeset 4f8708ed15e7fca71921f58a9d1fb38dd6f28f13.
Updated by Tim Spiekerkötter almost 8 years ago
Has this ever been backported to Extbase? I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
Updated by Bastian Waidelich almost 8 years ago
- Has patch set to No
Tim Spiekerkötter wrote:
I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes
Updated by Tim Spiekerkötter almost 8 years ago
Hi Bastian,
thank you for your answer. My request has two arguments, both are Extbase models and the FormViewHelper just serializes those arugments and therefore generating a giant hidden field. I don't want to spam this Flow issue but I don't know if this is an Extbase issue or a problem within my application.
Bastian Waidelich wrote:
Tim Spiekerkötter wrote:
I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes
Updated by Bastian Waidelich almost 8 years ago
Tim Spiekerkötter wrote:
Hi Tim,
thank you for your answer. My request has two arguments, both are Extbase models [...]
You should refer to the Extbase bugtracker (http://forge.typo3.org/projects/show/typo3v4-mvc) or rather the Extbase forum (http://forum.typo3.org/index.php/f/60/). Those guys have a better overview of the current state and what has been backported