1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-26 07:20:57 +01:00

Allow typeaheads to pass nonscalar data to datasources

Summary:
Ref T13250. Currently, datasources have a `setParameters(...)` method. This method accepts a dictionary and adds the key/value pairs to the raw HTTP request to the datasource endpoint.

Since D20049, this no longer works. Since D20116, it fatals explicitly.

In general, the datasource endpoint accepts other values (like `query`, `offset`, and `limit`), and even before these changes, using secret reserved keys in `setParameters(...)` would silently cause program misbehavior.

To deal with this, pass parameters as a JSON string named "parameters". This fixes the HTTP query issue (the more pressing issue affecting users today) and prevents the "shadowing reserved keys" issue (a theoretical issue which might affect users some day).

(I may revisit the `phutil_build_http_querystring()` behavior and possibly let it make this work again, but I think avoiding the duplicate key issue makes this change desirable even if the querystring behavior changes.)

Test Plan:
  - Used "Land Revision", selected branches.
  - Configured a custom Maniphest "users" field, used the search typeahead, selected users.
  - Manually browsed to `/typeahead/class/PhabricatorPeopleDatasource/?query=hi&parameters=xyz` to see the JSON decode exception.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13250

Differential Revision: https://secure.phabricator.com/D20134
This commit is contained in:
epriestley 2019-02-11 06:48:13 -08:00
parent a20f108034
commit 711871f6bc
2 changed files with 34 additions and 3 deletions

View file

@ -35,7 +35,26 @@ final class PhabricatorTypeaheadModularDatasourceController
if (isset($sources[$class])) {
$source = $sources[$class];
$source->setParameters($request->getRequestData());
$parameters = array();
$raw_parameters = $request->getStr('parameters');
if (strlen($raw_parameters)) {
try {
$parameters = phutil_json_decode($raw_parameters);
} catch (PhutilJSONParserException $ex) {
return $this->newDialog()
->setTitle(pht('Invalid Parameters'))
->appendParagraph(
pht(
'The HTTP parameter named "parameters" for this request is '.
'not a valid JSON parameter. JSON is required. Exception: %s',
$ex->getMessage()))
->addCancelButton('/');
}
}
$source->setParameters($parameters);
$source->setViewer($viewer);
// NOTE: Wrapping the source in a Composite datasource ensures we perform

View file

@ -100,7 +100,7 @@ abstract class PhabricatorTypeaheadDatasource extends Phobject {
public function getDatasourceURI() {
$uri = new PhutilURI('/typeahead/class/'.get_class($this).'/');
$uri->setQueryParams($this->parameters);
$uri->setQueryParams($this->newURIParameters());
return (string)$uri;
}
@ -110,10 +110,22 @@ abstract class PhabricatorTypeaheadDatasource extends Phobject {
}
$uri = new PhutilURI('/typeahead/browse/'.get_class($this).'/');
$uri->setQueryParams($this->parameters);
$uri->setQueryParams($this->newURIParameters());
return (string)$uri;
}
private function newURIParameters() {
if (!$this->parameters) {
return array();
}
$map = array(
'parameters' => phutil_json_encode($this->parameters),
);
return $map;
}
abstract public function getPlaceholderText();
public function getBrowseTitle() {