1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 21:40:55 +01:00

Improve error passing task IDs as URL parameter in invalid format

Summary:
Maniphest expects the values of the `ids` URL parameter to be integers. Example: http://phorge.localhost/maniphest/?ids=1,2,3,4 to show a list of tasks with those IDs.
When passing monograms instead (`T` prefix, like `T123` instead of `123`), a cryptic message `Expected a numeric scalar or null for %Ld conversion` is shown.

Thus check if `$this->taskIDs` consists of integers only; if not throw a `PhutilSearchQueryCompilerSyntaxException` with an explanatory error message.

Closes T15838

Test Plan: Go to http://phorge.localhost/maniphest/?ids=T1,T2,T3,T4 before and after applying the patch.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15838

Differential Revision: https://we.phorge.it/D25669
This commit is contained in:
Andre Klapper 2024-05-21 18:46:31 +02:00
parent 40b1e6b17a
commit 4bf5c452eb

View file

@ -358,6 +358,10 @@ final class ManiphestTaskQuery extends PhabricatorCursorPagedPolicyAwareQuery {
$where[] = $this->buildOwnerWhereClause($conn);
if ($this->taskIDs !== null) {
if (!ctype_digit(implode('', $this->taskIDs))) {
throw new PhutilSearchQueryCompilerSyntaxException(
pht('Task IDs must be integer numbers.'));
}
$where[] = qsprintf(
$conn,
'task.id in (%Ld)',