Bug #89185

closed

Routing: requirements are not validated for PersistedAliasMapper in PluginEnhancer/ExtbasePluginEnhancer

Added by Georg Tiefenbrunn over 4 years ago. Updated about 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Link Handling, Site Handling & Routing
Target version: -
Start date: 2019-09-17
% Done: 0%
TYPO3 Version: 9
PHP Version: 7.2

Description

I'd like to add a requirement for an aspect of type PersistedAliasMapper on a custom slug field:

routeEnhancers:
  ExamplePlugin:
    type: Extbase
    extension: Example
    plugin: Entities
    routes:
      -
        routePath: '/{entity}'
        _arguments:
          entity: entity
    requirements:
      entity: '^...$'
    aspects:
      entity:
        type: PersistedAliasMapper
        tableName: tx_myext_domain_model_entity
        routeFieldName: slug

Routing and link generation work as expected, but /{entity} isn't validated.

Please have a look at function PluginEnhancer::getNamespacedRequirements():

    protected function getNamespacedRequirements(): array
    {
        $requirements = [];
        foreach ($this->configuration['requirements'] ?? [] as $name => $value) {
            $requirements[$this->namespace . '_' . $name] = $value;
        }
        return $requirements;
    }

This will store the requirement as $requirements['tx_example_entities_entity'] but function VariableProcessor::deflateValues() uses VariableProcessor::LEVEL_DELIMITER which is __ (double underscore).

Altering getNamespacedRequirements() to also use double underscore fixes this issue.


Related issues: 2 (0 open, 2 closed)

Related to TYPO3 Core - Task #88686: Fix requirements in parameter (Closed, 2019-07-04)
Related to TYPO3 Core - Bug #86895: routeEnhancer not working correct for paginate widget (Closed, 2018-11-09)

#1

Updated by Guido Schmechel over 4 years ago

I did not quite understand the problem yet. You generate a valid slug in the TCA and what exactly do you want to check then?

I tried to reproduce it. I had a given slug and tried to limit it with '[a-z] {0-6}'. In both cases there was no problem with the routing. Maybe you can explain it more exactly what exactly your regex does?

Thanks!

#2

Updated by Georg Tiefenbrunn over 4 years ago

Guido Schmechel wrote:

I did not quite understand the problem yet. You generate a valid slug in the TCA and what exactly do you want to check then?

  1. "custom slug field" doesn't mean "valid slug in the TCA".
  2. I expect PersistedAliasMapper to validate the argument against the given regexp (and correctly handle invalid values by e.g. returning 404) before executing a DB query (which might deliver false positives; see below).

Let's assume we have a https://schema.org/Person entity with properties familyName, givenName and birthDate, etc. Using DataHandler we generate a field the_string_we_use_as_slug of type input (NOT 'type' => 'slug') with e.g.

  • {givenName}_{familyName} if this slug is unique or
  • {givenName}_{familyName}_{yearOf{birthDate}} if multiple persons with the same name exist.

Or any other great "logic" we can't handle with TCA's generatorOptions like:

When using PersistedAliasMapper in PluginEnhancer/ExtbasePluginEnhancer on routeFieldName: the_string_we_use_in_urls the provided argument won't be validated (requirements are not checked) before DB lookup and thus accepts invalid/unwanted/non-unique URLs.

Test case: the_string_we_use_as_slug='rene_medvesek'

Without validation Rene_Medvesek, René_Medvesek and rené_medvešek are valid routes (using MySQL without convert/collate):

INSERT INTO `tx_foo` (`name`) VALUES ('rene_medvesek');
SELECT * FROM `tx_foo` WHERE `name` = 'Rene_Medvesek';
SELECT * FROM `tx_foo` WHERE `name` = 'René_Medvesek';
SELECT * FROM `tx_foo` WHERE `name` = 'rené_medvešek';

#3

Updated by Georg Tiefenbrunn over 4 years ago

Guido Schmechel wrote:

Maybe you can explain it more exactly what exactly your regex does?

Treat all arguments as invalid which don't match e.g. ^[\x61-\x7A-]{3,10}_[\x61-\x7A-]{3,20}$
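
An added example, not part of this thread and not TYPO3 core code: a simplified PHP model of the key mismatch from the description, run against the four spellings from comment #2 with the pattern from comment #3. The function names, the rule that a variable with no requirement entry goes unchecked, and the variable name `tx_example_entities__entity` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Simplified model of the behaviour described in this issue; not TYPO3 core code.
const LEVEL_DELIMITER = '__';                  // value the report gives for VariableProcessor::LEVEL_DELIMITER
const ROUTE_NAMESPACE = 'tx_example_entities'; // namespace taken from the report

// Requirement pattern from comment #3, keyed by argument name as in the YAML.
const REQUIREMENTS = ['entity' => '^[\x61-\x7A-]{3,10}_[\x61-\x7A-]{3,20}$'];

/** Prefix requirement names with the namespace, using the given delimiter. */
function namespacedRequirements(array $requirements, string $delimiter): array
{
    $result = [];
    foreach ($requirements as $name => $pattern) {
        $result[ROUTE_NAMESPACE . $delimiter . $name] = $pattern;
    }
    return $result;
}

/**
 * Return true if the value may proceed to the database lookup.
 * Assumption of this model: a variable with no entry under its exact key
 * is not checked at all, which is the failure mode reported here.
 */
function passesRequirements(string $variable, string $value, array $requirements): bool
{
    if (!isset($requirements[$variable])) {
        return true; // key mismatch: nothing is enforced
    }
    // The D modifier stops "$" from matching before a trailing newline.
    return preg_match('~' . $requirements[$variable] . '~D', $value) === 1;
}

// Constructed inputs: the stored value and the three variants from comment #2.
$candidates = ['rene_medvesek', 'Rene_Medvesek', 'René_Medvesek', 'rené_medvešek'];
// Assumed name of the route variable once LEVEL_DELIMITER is applied.
$variable = ROUTE_NAMESPACE . LEVEL_DELIMITER . 'entity';

foreach (['_' => 'single underscore', LEVEL_DELIMITER => 'double underscore'] as $delimiter => $label) {
    $requirements = namespacedRequirements(REQUIREMENTS, $delimiter);
    echo "Requirement keys built with $label:\n";
    foreach ($candidates as $value) {
        $verdict = passesRequirements($variable, $value, $requirements) ? 'reaches DB lookup' : 'rejected';
        echo "  $value: $verdict\n";
    }
}
```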

#4

Updated by Francois Suter over 4 years ago

  • Related to Task #88686: Fix requirements in parameter added

#5

Updated by Francois Suter over 4 years ago

The patch being discussed here: https://review.typo3.org/c/Packages/TYPO3.CMS/+/60361 will fix this issue too I think, because it hashes the keys for the requirements. Maybe you want to give it a try.

#6

Updated by Oliver Hader about 4 years ago

  • Status changed from New to Closed

Most probably this is fixed in the latest dev-branches for 9.5.15-dev and 10.4.0-dev.
In case this issue is still around, feel free to reopen this issue.

#7

Updated by Oliver Hader about 4 years ago

  • Related to Bug #86895: routeEnhancer not working correct for paginate widget added