[HttpFoundation] Use parse_str() for query strings normalization #26220
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ee28ab3 to
b30f256
Compare
| @@ -524,9 +524,11 @@ public function __toString() | |||
| */ | |||
| public function overrideGlobals() | |||
| { | |||
| $this->server->set('QUERY_STRING', static::normalizeQueryString(http_build_query($this->query->all(), null, '&'))); | |||
| $qs = $this->query->all(); | |||
There was a problem hiding this comment.
Could we please rename $qs var as $queryString? 🙏
| $this->assertSame($expectedQuery, $request->getQueryStringForPhp(), $msg); | ||
| } | ||
|
|
||
| public function getQueryStringNormalizationDataForPhp() |
There was a problem hiding this comment.
Could we add some tests with UTF-8 chars in the query string? You can see those in URLs like https://github.com/symfony/symfony/issues?utf8=✓
e98cdc3 to
dbcf2fb
Compare
ro0NL
reviewed
Feb 20, 2018
| @@ -656,6 +658,24 @@ public static function normalizeQueryString($qs) | |||
| return implode('&', $parts); | |||
| } | |||
|
|
|||
| /** | |||
| * Normalizes a query string using `parse_str()`. | |||
There was a problem hiding this comment.
should the parse_str implem be further clarified? It doesnt really tell when to use normalizeQueryStringForPhp vs. normalizeQueryString given both document:
* It builds a normalized query string, where keys/value pairs are alphabetized,
* have consistent escaping and unneeded delimiters are removed.
Does/Should ...ForPhp() imply @internal api?
There was a problem hiding this comment.
When the resulting string is going to be passed to a PHP based server, you should use the ForPhp variant.
It should certainly not be internal, since this has been requested by users. We want to provide them with the tool :)
| array('foo[]=Z&foo[]=A', 'foo%5B0%5D=Z&foo%5B1%5D=A', 'keeps order of values'), | ||
| array('foo[Z]=B&foo[A]=B', 'foo%5BZ%5D=B&foo%5BA%5D=B', 'keeps order of keys'), | ||
|
|
||
| array('utf8=✓', 'utf8=%E2%9C%93', 'encodes UTF-8'), |
There was a problem hiding this comment.
Since we're testing the query string sorting, maybe you could add here more than one query string param: array('utf8=✓', ... -> array('utf8=✓&utf16=✘', ...
There was a problem hiding this comment.
to test what? this is unrelated to the behavior of this function, isn't it?
dbcf2fb to
85383c1
Compare
|
ping @fabpot I suppose since this is HttpFoundation (failures unrelated) |
85383c1 to
71b02a1
Compare
71b02a1 to
5133536
Compare
|
Thank you @nicolas-grekas. |
fabpot
added a commit
that referenced
this pull request
Mar 23, 2018
…malization (nicolas-grekas) This PR was merged into the 4.1-dev branch. Discussion ---------- [HttpFoundation] Use parse_str() for query strings normalization | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Follow up of #26214 and #26202 The current normalization logic is both too loose and too broad: it changes the order of recursive data structures, while not normalizing keys. Since the normalization logic varies by query string parser, I'd like to propose a logic that exactly matches the native PHP one, which is exposed to userland via `parse_str()`. Using this, we accurately remove all useless information, while preserving all the meaningful one. (The change in `overrideGlobals()` is a bug fix to me btw, the current logic breaks the interpretation of legitimate query strings.) Commits ------- 5133536 [HttpFoundation] Use parse_str() for query strings normalization
Merged
fabpot
added a commit
that referenced
this pull request
Jun 24, 2020
…oes the same as `parse_str()` but preserves dots in variable names (nicolas-grekas) This PR was merged into the 5.2-dev branch. Discussion ---------- [HttpFoundation] add `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Inspired by symfony/psr-http-message-bridge#80 /cc @drupol Related to #9009, #29664, #26220 but also api-platform/core#509 and https://www.drupal.org/project/drupal/issues/2984272 /cc @dunglas @alexpott Commits ------- dd81e32 [HttpFoundation] add `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names
inri13666
pushed a commit
to oro-flex/batch-bundle
that referenced
this pull request
Dec 28, 2021
- change verbosity level for oro:platform:update command on CI - fixed TestKernel construction, incorrect namespace uses, current work directory - misc services marked as public - updated jsm serializer version - made use of DebugProcessor instead of the deprecated DebugHandler - replaced not existing anymore LockHandler to new symfony component symfony/lock. Added needed changes to the logic - temporary disabled "closed entity manager" in dataProvider for test JobStorageTest - temporary disabled "closed entity manager" in dataProvider for test DoctrineJobRepositoryTest - changed container file name in functional_standalone.sh - Symfony 4 changed Request::normalizeQueryString() (symfony/symfony#26220). Due to our logic has own filters (query params) which is not compatible with new implementation. We use old approach till we change our logic to use new syntax
inri13666
pushed a commit
to oro-flex/message-queue-bundle
that referenced
this pull request
Jan 6, 2022
- change verbosity level for oro:platform:update command on CI - fixed TestKernel construction, incorrect namespace uses, current work directory - misc services marked as public - updated jsm serializer version - made use of DebugProcessor instead of the deprecated DebugHandler - replaced not existing anymore LockHandler to new symfony component symfony/lock. Added needed changes to the logic - temporary disabled "closed entity manager" in dataProvider for test JobStorageTest - temporary disabled "closed entity manager" in dataProvider for test DoctrineJobRepositoryTest - changed container file name in functional_standalone.sh - Symfony 4 changed Request::normalizeQueryString() (symfony/symfony#26220). Due to our logic has own filters (query params) which is not compatible with new implementation. We use old approach till we change our logic to use new syntax
josh-taylor-k3
pushed a commit
to josh-taylor-k3/crm-application-using-symfony
that referenced
this pull request
Nov 4, 2024
- change verbosity level for oro:platform:update command on CI - fixed TestKernel construction, incorrect namespace uses, current work directory - misc services marked as public - updated jsm serializer version - made use of DebugProcessor instead of the deprecated DebugHandler - replaced not existing anymore LockHandler to new symfony component symfony/lock. Added needed changes to the logic - temporary disabled "closed entity manager" in dataProvider for test JobStorageTest - temporary disabled "closed entity manager" in dataProvider for test DoctrineJobRepositoryTest - changed container file name in functional_standalone.sh - Symfony 4 changed Request::normalizeQueryString() (symfony/symfony#26220). Due to our logic has own filters (query params) which is not compatible with new implementation. We use old approach till we change our logic to use new syntax
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Follow up of #26214 and #26202
The current normalization logic is both too loose and too broad: it changes the order of recursive data structures, while not normalizing keys.
Since the normalization logic varies by query string parser, I'd like to propose a logic that exactly matches the native PHP one, which is exposed to userland via
parse_str(). Using this, we accurately remove all useless information, while preserving all the meaningful one.(The change in
overrideGlobals()is a bug fix to me btw, the current logic breaks the interpretation of legitimate query strings.)