Bug #25801

Request arguments should never contain objects

Added by Bastian Waidelich over 4 years ago. Updated almost 2 years ago.

Status:Resolved Start date:2011-04-06
Priority:Should have Due date:
Assigned To:Bastian Waidelich % Done:

100%
Category:MVC
Target version:-
PHP Version: Complexity:
Has patch:No Affected Flow version:(any)

Description

Request arguments are serialized in Fluid forms in order to generate the hidden referrer fields that are required to "replay" the last request in case of an validation error. If a request argument is a complex type, the value of the __referrer[arguments] hidden field gets huge which poses 3 major issues:
  1. you'll have to transfer a lot of unnecessary data
  2. the URI for redirects will grow to a point where the browser dies
  3. if an object is not serializable, you get serialization errors

Thus RoutePartHandler must not return objects. Instead they should return simple types/arrays understandable by the PropertyMapper (or a dedicated ObjectConverter)

Discuss: Should this be enforced in the routing process?

Related issues

related to TYPO3.Flow - Bug #25902: It's not possible to add an entity as link/redirect argument Resolved 2011-04-12
related to TYPO3.Flow - Task #26078: Enforce RouteParts to only return simple types Resolved 2011-04-18
related to TYPO3.Flow - Task #25907: Referrer should only contain the URI of the previous request New 2011-04-12

Associated revisions

Revision 4f8708ed
Added by Bastian Waidelich over 4 years ago

[+BUGFIX] Request arguments should never contain objects

Request arguments are serialized in Fluid forms in order to generate the
hidden referrer fields that are required to "replay" the last request in
case of an validation error. If a request argument is a complex type,
the value of the __referrer[arguments] hidden field gets huge which
poses 3 major issues:

1. you'll have to transfer a lot of unnecessary data
2. the URI for redirects will grow to a point where the browser dies
3. if an object is not serializable, you get serialization errors

Fixes: #25801
Change-Id: Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e

History

#1 Updated by Bastian Waidelich over 4 years ago

Note: We currently also add objects to the Request in ActionController::forward(). To make sure, we only have simple types in the request we could convert objects to identity arrays in Request::setArgument().
See Route::convertDomainObjectsToIdentityArrays()

#2 Updated by Bastian Waidelich over 4 years ago

  • Status changed from New to Accepted
  • Assigned To set to Bastian Waidelich

#3 Updated by Mr. Hudson over 4 years ago

Patch set 1 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#4 Updated by Mr. Hudson over 4 years ago

Patch set 2 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#5 Updated by Mr. Hudson over 4 years ago

Patch set 3 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#6 Updated by Mr. Hudson over 4 years ago

Patch set 4 of change Ia7b2c9972003c3f91170dc63db43ef2b3c15fc4e has been pushed to the review server.
It is available at http://review.typo3.org/1604

#7 Updated by Bastian Waidelich over 4 years ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100

#8 Updated by Tim Spiekerkötter almost 2 years ago

Has this ever been backported to Extbase? I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

#9 Updated by Bastian Waidelich almost 2 years ago

  • Has patch set to No
  • Affected Flow version set to (any)

Tim Spiekerkötter wrote:

I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes

#10 Updated by Tim Spiekerkötter almost 2 years ago

Hi Bastian,

thank you for your answer. My request has two arguments, both are Extbase models and the FormViewHelper just serializes those arugments and therefore generating a giant hidden field. I don't want to spam this Flow issue but I don't know if this is an Extbase issue or a problem within my application.

Bastian Waidelich wrote:

Tim Spiekerkötter wrote:

I have a huge hidden [__referrer][arguments] field with several kb in size. That causes problems with the fgci settings, and I wonder if I have done something wrong.

The simple type restriction is not active for internal arguments (starting with __). But if your referrer arguments are that large there's probably something wrong, yes

#11 Updated by Bastian Waidelich almost 2 years ago

Tim Spiekerkötter wrote:

Hi Tim,

thank you for your answer. My request has two arguments, both are Extbase models [...]

You should refer to the Extbase bugtracker (http://forge.typo3.org/projects/show/typo3v4-mvc) or rather the Extbase forum (http://forum.typo3.org/index.php/f/60/). Those guys have a better overview of the current state and what has been backported

Also available in: Atom PDF