mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 06:42:42 +01:00
Improve error passing task IDs as URL parameter in invalid format
Summary: Maniphest expects the values of the `ids` URL parameter to be integers. Example: http://phorge.localhost/maniphest/?ids=1,2,3,4 to show a list of tasks with those IDs. When passing monograms instead (`T` prefix, like `T123` instead of `123`), a cryptic message `Expected a numeric scalar or null for %Ld conversion` is shown. Thus check if `$this->taskIDs` consists of integers only; if not throw a `PhutilSearchQueryCompilerSyntaxException` with an explanatory error message. Closes T15838 Test Plan: Go to http://phorge.localhost/maniphest/?ids=T1,T2,T3,T4 before and after applying the patch. Reviewers: O1 Blessed Committers, avivey Reviewed By: O1 Blessed Committers, avivey Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno Maniphest Tasks: T15838 Differential Revision: https://we.phorge.it/D25669
This commit is contained in:
parent
40b1e6b17a
commit
4bf5c452eb
1 changed files with 4 additions and 0 deletions
|
@ -358,6 +358,10 @@ final class ManiphestTaskQuery extends PhabricatorCursorPagedPolicyAwareQuery {
|
|||
$where[] = $this->buildOwnerWhereClause($conn);
|
||||
|
||||
if ($this->taskIDs !== null) {
|
||||
if (!ctype_digit(implode('', $this->taskIDs))) {
|
||||
throw new PhutilSearchQueryCompilerSyntaxException(
|
||||
pht('Task IDs must be integer numbers.'));
|
||||
}
|
||||
$where[] = qsprintf(
|
||||
$conn,
|
||||
'task.id in (%Ld)',
|
||||
|
|
Loading…
Reference in a new issue