Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error when passing an array as sort direction parameter in ORM pagination #322

Open
MalteWunsch opened this issue May 30, 2023 · 4 comments
Open

Error when passing an array as sort direction parameter in ORM pagination #322

MalteWunsch opened this issue May 30, 2023 · 4 comments

Comments

@MalteWunsch
Copy link

Affected version: 3.6.0 (possibly 4.1.0 as well)

When using ORM pagination and calling something like http://localhost/galery/page/2?direction[test]=1&sort=columnname, the direction parameter becomes an array. This will result in an array to string conversion error in the 3.6.0 QuerySubscriber. The 4.1.0 QuerySubscriber looks like it could be affected, too.

First, I thought about a quick is_string() check. But then I noticed that other places like the SlidingPagination in the KnpPaginatorBundle rely on the direction parameter to be a string, too. It seems that more than one class gets the value directly from the request. So my current idea is fixing the request with a kernel event subscriber like this draft:

final class SanitizeKnpPaginationParameters implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => ['onKernelRequest', 10],
        ];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        $direction = $event->getRequest()->query->get('direction');

        if (null === $direction || \is_string($direction)) {
            return;
        }

        $event->getRequest()->query->set('direction', 'desc');
    }
}

What do you think? I'm not convinced this steamroller approach is an elegant solution.

I'd be happy to open a PR when we have a good notion on how to do it. (If so, could I target a 3.x branch or are PRs only accepted on the current major?)
@mpdude
Copy link

mpdude commented May 30, 2023

#306 might be related, but is in a very early discussion stage

@mpdude
Copy link

mpdude commented May 30, 2023

IMHO, using an EventSubscriber approach like the one above is a bit like "I don't know who and where you're going to use it, so I'll fix this upfront in a central place".

That's surprising for developers working on this library, since you wonder (no obvious hints) where the type conversion happens.

Also, from looking at the code in the event subscribers, you might also ask whether or not this type-checking takes place at all. Includes static analysis tools that may not see the actual types.

What about using \Symfony\Component\HttpFoundation\ParameterBag::filter() to access these parameters, passing FILTER_REQUIRE_SCALAR for $options?

@garak
Copy link
Collaborator

garak commented May 30, 2023

Unfortunately the RFC in #306 didn't gain momentum, but anyway the implementation already started, and in the 4.x branch you can access arguments using your own implementation.

@garak
Copy link
Collaborator

garak commented Sep 8, 2023

The latest major version implemented what proposed in #306
Did you try it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@garak @mpdude @MalteWunsch