We should take care of this as soon as possible. We're getting some issues from people who is confused about this: symfony/symfony#37029, symfony/symfony#36725, symfony/symfony#37229, etc.

@azjezz explained to me that this is how the new code works:

// new method -> equivalent code
get('foo') is getString('foo')
all('foo') is getArray('foo')
all() is getAll()
all()['foo'] ?? null is getStringOrArrayOrNull('foo')

Any volunteer to provide these docs?

Some more information:

The problem solved by InputBag is that when the URL is https://example.com/something?q[]=faa if you do a ->get('q') you get a 500 error because the query param is an array and not a string (it should be q=faa not q[]=faa). The expected behavior is not a 500 error but a 400 error.

Thanks to InputBag this now shows a deprecation, but in Symfony 6 it will generate the expected 400 error.

The problem solved by InputBag is that when the URL is https://example.com/something?q[]=faa if you do a ->get('q') you get a 500 error because the query param is an array and not a string (it should be q=faa not q[]=faa). The expected behavior is not a 500 error but a 400 error.

To explain more, the 500 error doesn't result from get('q') itself, but the return value will be an array, the developer might think that the return value is always a string as that's what they are expecting, but it's not. as soon as that variable is passed to a function/method that expects a string, a 500 error will raise.

e.g:

class FooRepository
{
  // code ..

  /**
   * Search for all the foos containing the given keyword.
   */
  public function search(string $keyword): iterable
  {

  }

  // code ...
}

final class FooController extends AbstractController
{
  private FooRepository $foos;

  public function __construct(FooRepository $foos)
  {
    $this->foos = $foos;
  }

  /**
   * @Route('/foo/search', methods={'GET'}, name='foo_search')
   */
  public function search(Request $request): Response
  {
    $keyword = $request->request->get('q', null);
    if (null === $keyword) {
      $foos = [];
    } else {
      $foos = $this->foos->search($keyword);
    }

    // render foos
  }

}

in the example above, the expected value for q( $keyword ), is string ( q=bar ), however, passing an array ( q[]=bar ) will result in a 500 server error.

ÌnputBag is the first step toward fixing this, by triggering a deprecation when an array is encountered, this tells the developer :

if you are expecting this array, use all('q'), if you are expecting a string, ignore this deprecation, Symfony 6 will throw an exception with status code 400 back to the client.

if you are expecting this array, use all('q')

Note: all('q') is another new feature in InputBag if the value of q is a string, all('q') will not trigger a deprecation, instead it will throw an exception with status code 400 :)

Thank you for this issue.
There has not been a lot of activity here for a while. Has this been resolved?

Friendly reminder that this issue exists. If I don't hear anything I'll close this.

Hey,

I didn't hear anything so I'm going to close it. Feel free to comment if this is still relevant, I can always reopen!