-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix url escaping for array parameters in Navigation links #58068
Conversation
Flaky tests detected in aaf5586. 🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/7711192512
|
cc @mreishus - does this resolve the Issue you reported? 🙏 |
Thanks for the patch, @draganescu! This bug has the potential to bring down a site's frontend if the problematic nav isn't addressed immediately. Test ReportEnvironment
Actual ResultsFatal no longer occurs when adding link with array query params via:
|
Sure does! Thank you @draganescu! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks good to me, but the function requires unit tests and further improvements.
I attempted to intentionally cause it to fail, and here are the results I got:
// See the results below.
var_export( block_core_navigation_link_maybe_urldecode( $url ) );
// 1.
$url = "http://www.example.com/example%20path?param=value";
// Result:
'http://www.example.com/example%20path?param=value' // Not decoded.
// 2.
$url = "http://www.example.com/example%20path?param=value%20with%20space";
// Result:
'http://www.example.com/example%20path?param=value%20with%20space' // Not decoded.
// 3.
$url = "http://www.example.com/path?arrayParam[]=value1&arrayParam[]=value2";
// Result:
Fatal error: Uncaught TypeError: rawurldecode(): Argument #1 ($string) must be of type string, // Fatal error!
// 4.
$url = null;
// Result:
Deprecated: parse_url(): Passing null to parameter #1 ($url) of type string is deprecated in src/wp-includes/blocks/navigation-link.php on line 131
NULL // PHP warning.
Agreed. We need to land this one asap so it's in Gutenberg prior to 17.6.0 on 31st Jan. Confirming that it will not require a backport in order to land in WP 6.5 Beta 1 because the PHP code resides within the block-library package and thus will be automatically synced. |
While my patch fixes the issue, indeed looking at @anton-vlasenko 's tests I doubt the way the function works:it checks only if one of the params of the URL is encoded and then if yes returns the whole URL decoded. Even the doc comment is misleading "Decodes a url if it's encoded, returning the same url if not." since that would be true if we'd have a check like:
which we don't - we return the fully decoded URL only if one of the params are encoded. Moreover, in an URL like I wonder what was the problem with a function like:
Since in the block OTOH for the purposes of landing this sooner rather than later since it fixes a bug that can take down the front end @anton-vlasenko do you think we have any blockers? |
68a5b36
to
05fec26
Compare
@draganescu Yes, I didn't mean to block your PR. Rather, I wanted to point out the issues that I found. Sure, I think the fixes for the issues mentioned in my previous comment can be implemented as a follow-up task when there is enough time for it. Also, adding PHPUnit tests would be good, but, IMO, that can also wait for a future task. |
This pull request has changed or added PHP files. Please confirm whether these changes need to be synced to WordPress Core, and therefore featured in the next release of WordPress. If so, it is recommended to create a new Trac ticket and submit a pull request to the WordPress Core Github repository soon after this pull request is merged. If you're unsure, you can always ask for help in the #core-editor channel in WordPress Slack. Thank you! ❤️ View changed files❔ phpunit/class-block-library-navigation-link-test.php |
4c9c1ff
to
3bf89b3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks good to me.
@draganescu Were array parameters with url encoded values tested with this, something along the lines of Sorry the question came in after the commit, there's a lot to monitor so I tend to track commits rather than try and catch all the things as they're in PRs. |
@peterwilsoncc I tested and the URL you offered as an example is saved as is, which should be ok, right? |
What?
Fixes #58020
Why?
It's a bug fix.
How?
Check if the parameter is a string before attempting to url encode /decode.
Testing Instructions
Testing Instructions for Keyboard
N/A
Screenshots or screencast
N/A