Bug #25801
Request arguments should never contain objects
Status: | Resolved | Start date: | 2011-04-06 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Bastian Waidelich | % Done: | 100% |
|
Category: | MVC | |||
Target version: | - | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | (any) |
Description
__referrer[arguments]
hidden field gets huge which poses 3 major issues:
- you'll have to transfer a lot of unnecessary data
- the URI for redirects will grow to a point where the browser dies
- if an object is not serializable, you get serialization errors
Thus RoutePartHandler must not return objects. Instead they should return simple types/arrays understandable by the PropertyMapper (or a dedicated ObjectConverter)
Discuss: Should this be enforced in the routing process?
Related issues
Associated revisions
[+BUGFIX] Request arguments should never contain objects
Request arguments are serialized in Fluid forms in order to generate the
hidden referrer fields that are required to "replay" the last request in
case of an validation error. If a request argument is a complex type,
the value of the __referrer[arguments] hidden field gets huge which
poses 3 major issues:
1. you'll have to transfer a lot of unnecessary data
2. the URI for redirects will grow to a point where the browser dies
3. if an object is not serializable, you get serialization errors
Fixes: #25801
Change-Id: Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e
History
#1 Updated by Bastian Waidelich over 4 years ago
Note: We currently also add objects to the Request in ActionController::forward(). To make sure, we only have simple types in the request we could convert objects to identity arrays in Request::setArgument()
.
See Route::convertDomainObjectsToIdentityArrays()
#2 Updated by Bastian Waidelich over 4 years ago
- Status changed from New to Accepted
- Assigned To set to Bastian Waidelich
#3 Updated by Mr. Hudson over 4 years ago
Patch set 1 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
#4 Updated by Mr. Hudson over 4 years ago
Patch set 2 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
#5 Updated by Mr. Hudson over 4 years ago
Patch set 3 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
#6 Updated by Mr. Hudson over 4 years ago
Patch set 4 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604
#7 Updated by Bastian Waidelich over 4 years ago
- Status changed from Accepted to Resolved
- % Done changed from 0 to 100
Applied in changeset 4f8708ed15e7fca71921f58a9d1fb38dd6f28f13.
#8 Updated by Tim Spiekerkötter almost 2 years ago
Has this ever been backported to Extbase? I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
#9 Updated by Bastian Waidelich almost 2 years ago
- Has patch set to No
- Affected Flow version set to (any)
Tim Spiekerkötter wrote:
I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes
#10 Updated by Tim Spiekerkötter almost 2 years ago
Hi Bastian,
thank you for your answer. My request has two arguments, both are Extbase models and the FormViewHelper just serializes those arugments and therefore generating a giant hidden field. I don't want to spam this Flow issue but I don't know if this is an Extbase issue or a problem within my application.
Bastian Waidelich wrote:
Tim Spiekerkötter wrote:
I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.
The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes
#11 Updated by Bastian Waidelich almost 2 years ago
Tim Spiekerkötter wrote:
Hi Tim,
thank you for your answer. My request has two arguments, both are Extbase models [...]
You should refer to the Extbase bugtracker (http://forge.typo3.org/projects/show/typo3v4-mvc) or rather the Extbase forum (http://forum.typo3.org/index.php/f/60/). Those guys have a better overview of the current state and what has been backported