Bug #25801

Request arguments should never contain objects

Added by Bastian Waidelich almost 10 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Should have
Category:
MVC
Target version:
-
Start date:
2011-04-06
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

Request arguments are serialized in Fluid forms in order to generate the hidden referrer fields that are required to "replay" the last request in case of an validation error. If a request argument is a complex type, the value of the __referrer[arguments] hidden field gets huge which poses 3 major issues:
  1. you'll have to transfer a lot of unnecessary data
  2. the URI for redirects will grow to a point where the browser dies
  3. if an object is not serializable, you get serialization errors

Thus RoutePartHandler must not return objects. Instead they should return simple types/arrays understandable by the PropertyMapper (or a dedicated ObjectConverter)

Discuss: Should this be enforced in the routing process?


Related issues

Related to TYPO3.Flow - Bug #25902: It's not possible to add an entity as link/redirect argumentResolvedKarsten Dambekalns2011-04-12

Actions
Related to TYPO3.Flow - Task #26078: Enforce RouteParts to only return simple typesResolvedBastian Waidelich2011-04-18

Actions
Related to TYPO3.Flow - Task #25907: Referrer should only contain the URI of the previous requestNew2011-04-12

Actions
#1

Updated by Bastian Waidelich almost 10 years ago

Note: We currently also add objects to the Request in ActionController::forward(). To make sure, we only have simple types in the request we could convert objects to identity arrays in Request::setArgument().
See Route::convertDomainObjectsToIdentityArrays()

#2

Updated by Bastian Waidelich almost 10 years ago

  • Status changed from New to Accepted
  • Assignee set to Bastian Waidelich
#3

Updated by Mr. Hudson almost 10 years ago

Patch set 1 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#4

Updated by Mr. Hudson almost 10 years ago

Patch set 2 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#5

Updated by Mr. Hudson over 9 years ago

Patch set 3 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#6

Updated by Mr. Hudson over 9 years ago

Patch set 4 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#7

Updated by Bastian Waidelich over 9 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100
#8

Updated by Tim Spiekerkötter over 7 years ago

Has this ever been backported to Extbase? I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

#9

Updated by Bastian Waidelich over 7 years ago

  • Has patch set to No

Tim Spiekerkötter wrote:

I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes

#10

Updated by Tim Spiekerkötter about 7 years ago

Hi Bastian,

thank you for your answer. My request has two arguments, both are Extbase models and the FormViewHelper just serializes those arugments and therefore generating a giant hidden field. I don't want to spam this Flow issue but I don't know if this is an Extbase issue or a problem within my application.

Bastian Waidelich wrote:

Tim Spiekerkötter wrote:

I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes

#11

Updated by Bastian Waidelich about 7 years ago

Tim Spiekerkötter wrote:

Hi Tim,

thank you for your answer. My request has two arguments, both are Extbase models [...]

You should refer to the Extbase bugtracker (http://forge.typo3.org/projects/show/typo3v4-mvc) or rather the Extbase forum (http://forum.typo3.org/index.php/f/60/). Those guys have a better overview of the current state and what has been backported

Also available in: Atom PDF