Bug #89185
Routing: requirements are not validated for PersistedAliasMapper in PluginEnhancer/ExtbasePluginEnhancer
Status: Closed
Description
I'd like to add a requirement for an aspect of type PersistedAliasMapper on a custom slug field:

    routeEnhancers:
      ExamplePlugin:
        type: Extbase
        extension: Example
        plugin: Entities
        routes:
          - routePath: '/{entity}'
            _arguments:
              entity: entity
        requirements:
          entity: '^...$'
        aspects:
          entity:
            type: PersistedAliasMapper
            tableName: tx_myext_domain_model_entity
            routeFieldName: slug

Routing and link generation work as expected, but /{entity} isn't validated.
Please have a look at function PluginEnhancer::getNamespacedRequirements():

    protected function getNamespacedRequirements(): array
    {
        $requirements = [];
        foreach ($this->configuration['requirements'] ?? [] as $name => $value) {
            $requirements[$this->namespace . '_' . $name] = $value;
        }
        return $requirements;
    }

This will store the requirement as $requirements['tx_example_entities_entity'] but function VariableProcessor::deflateValues() uses VariableProcessor::LEVEL_DELIMITER which is __ (double underscore).
Altering getNamespacedRequirements() to also use double underscore fixes this issue.
Updated by Guido Schmechel over 5 years ago
I did not quite understand the problem yet. You generate a valid slug in the TCA and what exactly do you want to check then?
I tried to reproduce it. I had a given slug and tried to limit it with '[a-z] {0-6}'. In both cases there was no problem with the routing. Maybe you can explain more exactly what your regex does?
Thanks!
Updated by Georg Tiefenbrunn over 5 years ago
Guido Schmechel wrote:
I did not quite understand the problem yet. You generate a valid slug in the TCA and what exactly do you want to check then?
- "custom slug field" doesn't mean "valid slug in the TCA".
- I expect PersistedAliasMapper to validate the argument against the given regexp (and correctly handle invalid values by e.g. returning 404) before executing a DB query (which might deliver false positives; see below).
Let's assume we have a https://schema.org/Person entity with properties familyName, givenName and birthDate, etc. Using DataHandler we generate a field the_string_we_use_as_slug of type input (NOT 'type' => 'slug') with e.g.
- {givenName}_{familyName} if this slug is unique or
- {givenName}_{familyName}_{yearOf{birthDate}} if multiple persons with the same name exist.
Or any other great "logic" we can't handle with TCA's generatorOptions like:
- https://en.wikipedia.org/wiki/John_Williams
- https://en.wikipedia.org/wiki/John_Burr_Williams + additionalName
- https://en.wikipedia.org/wiki/John_Williams_(researcher) + jobTitle
- https://en.wikipedia.org/wiki/John_Henry_Williams_(economist) + additionalName + jobTitle
When using PersistedAliasMapper in PluginEnhancer/ExtbasePluginEnhancer on routeFieldName: the_string_we_use_in_urls the provided argument won't be validated (requirements are not checked) before DB lookup and thus accepts invalid/unwanted/non-unique URLs.
Test case: the_string_we_use_as_slug='rene_medvesek'
Without validation Rene_Medvesek, René_Medvesek and rené_medvešek are valid routes (using MySQL without convert/collate):

    INSERT INTO `tx_foo` (`name`) VALUES ('rene_medvesek');
    SELECT * FROM `tx_foo` WHERE `name` = 'Rene_Medvesek';
    SELECT * FROM `tx_foo` WHERE `name` = 'René_Medvesek';
    SELECT * FROM `tx_foo` WHERE `name` = 'rené_medvešek';

Updated by Georg Tiefenbrunn over 5 years ago
Guido Schmechel wrote:
Maybe you can explain more exactly what your regex does?
Treat all arguments as invalid which don't match e.g. ^[\x61-\x7A-]{3,10}_[\x61-\x7A-]{3,20}$
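
Added example, not part of the original thread and not TYPO3 or Symfony code: a simplified PHP model of a requirement being looked up by placeholder name, showing why the single-underscore key from the description is never applied and the regex above is skipped before the DB lookup. The helpers `namespacedRequirements` and `compileRoute` are hypothetical, and the `[^/]+` fallback for a placeholder without a matching requirement is an assumption of this model.

```php
<?php
// Added illustration: a simplified model of requirement lookup, not TYPO3 or Symfony code.
const LEVEL_DELIMITER = '__'; // delimiter the report attributes to VariableProcessor

// Prefix each requirement key with the plugin namespace (hypothetical helper).
function namespacedRequirements(array $requirements, string $namespace, string $delimiter): array
{
    $result = [];
    foreach ($requirements as $name => $pattern) {
        $result[$namespace . $delimiter . $name] = $pattern;
    }
    return $result;
}

// Turn a route path into a regex, applying a requirement only when its key
// equals the placeholder name exactly (hypothetical helper).
function compileRoute(string $path, array $requirements): string
{
    $body = preg_replace_callback(
        '/\{(\w+)\}/',
        static function (array $m) use ($requirements): string {
            // Assumption of this model: no requirement under the exact name means "any segment".
            $pattern = $requirements[$m[1]] ?? '[^/]+';
            // Drop ^ and $ so the pattern can be embedded in the full route regex.
            return '(' . preg_replace('/^\^|\$$/', '', $pattern) . ')';
        },
        $path
    );
    return '#^' . $body . '$#u';
}

// Constructed sample data: placeholder name after deflation, regex and values from the thread.
$route = '/{tx_example_entities' . LEVEL_DELIMITER . 'entity}';
$configured = ['entity' => '^[\x61-\x7A-]{3,10}_[\x61-\x7A-]{3,20}$'];
$candidates = ['rene_medvesek', 'Rene_Medvesek', 'René_Medvesek', 'rené_medvešek'];

foreach (['_' => 'single underscore (as reported)', '__' => 'double underscore (as proposed)'] as $delimiter => $label) {
    $regex = compileRoute($route, namespacedRequirements($configured, 'tx_example_entities', $delimiter));
    echo $label, PHP_EOL;
    foreach ($candidates as $candidate) {
        $verdict = preg_match($regex, '/' . $candidate) === 1 ? 'reaches DB lookup' : 'rejected';
        printf("  %-16s %s\n", $candidate, $verdict);
    }
}
```

With the single-underscore key every candidate reaches the lookup; with the double-underscore key only `rene_medvesek` does.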
Updated by Francois Suter about 5 years ago
- Related to Task #88686: Fix requirements in parameter added
Updated by Francois Suter about 5 years ago
The patch being discussed here: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60361 will fix this issue too I think, because it hashes the keys for the requirements. Maybe you want to give it a try.
Updated by Oliver Hader almost 5 years ago
- Status changed from New to Closed
Most probably this is fixed in the latest dev-branches for 9.5.15-dev and 10.4.0-dev.
In case this issue is still around, feel free to reopen this issue.
Updated by Oliver Hader almost 5 years ago
- Related to Bug #86895: routeEnhancer not working correct for paginate widget added