From 19b5ee0f3706bf996a4287e6e89449dd71c4bef3 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Wed, 3 Jul 2019 17:46:13 +0200
Subject: [PATCH] [TASK] Switch to json_encode/json_decode for Extbase
 arguments

Extbase argument mapping and request building can be optimized
by using json_encode instead of serialize which is a bit more
"space-saving".

Besides that, the information in [__referrer][arguments] is dropped,
which was supposed to have happened in TYPO3 v8 already.

Resolves: #88682
Releases: master
Change-Id: Ifbb4192803378b1c1984405bdca04c282b8f4335
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61223
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Alexander Schnitzler <review.typo3.org@alexanderschnitzler.de>
Tested-by: Johannes Seipelt <johannes.seipelt@3m5.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Alexander Schnitzler <review.typo3.org@alexanderschnitzler.de>
Reviewed-by: Johannes Seipelt <johannes.seipelt@3m5.de>
---
 .../Controller/MvcPropertyMappingConfigurationService.php   | 4 ++--
 typo3/sysext/extbase/Classes/Mvc/Web/Request.php            | 6 +-----
 .../Mvc/Validation/ActionControllerValidationTest.php       | 4 ++--
 .../MvcPropertyMappingConfigurationServiceTest.php          | 6 +++---
 typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php   | 3 +--
 .../fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php     | 1 -
 6 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php b/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
index e1869013497f..355d72fafb6a 100644
--- a/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
+++ b/typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php
@@ -107,7 +107,7 @@ class MvcPropertyMappingConfigurationService implements \TYPO3\CMS\Core\Singleto
      */
     protected function serializeAndHashFormFieldArray(array $formFieldArray)
     {
-        $serializedFormFieldArray = serialize($formFieldArray);
+        $serializedFormFieldArray = json_encode($formFieldArray);
         return $this->hashService->appendHmac($serializedFormFieldArray);
     }
 
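Review bot: The result of `json_encode($formFieldArray)` is passed to `appendHmac()` unchecked, and unlike `serialize()`, `json_encode()` returns `false` when the array contains data it cannot encode, for example a field name with malformed UTF-8. The same applies to `json_encode($actionRequest)` in the FormViewHelper hunk. A guard such as `if ($serializedFormFieldArray === false) {` followed by an explicit exception would make the failure visible at the point where the token is built. If the minimum supported PHP version allows it, passing `JSON_THROW_ON_ERROR` does the same in one place.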
@@ -126,7 +126,7 @@ class MvcPropertyMappingConfigurationService implements \TYPO3\CMS\Core\Singleto
         }
 
         $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
-        $trustedProperties = unserialize($serializedTrustedProperties);
+        $trustedProperties = json_decode($serializedTrustedProperties, true);
         foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
             if (!$controllerArguments->hasArgument($propertyName)) {
                 continue;
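Review bot: `json_decode($serializedTrustedProperties, true)` can return `null` or a scalar, and the `foreach` on the next line iterates it without a type check. A token that was signed before this change still passes `validateAndStripHmac()` as long as the key is unchanged, but its payload is PHP-serialized, so decoding yields `null` and the loop is skipped with only a warning. Add `if (!is_array($trustedProperties)) {` directly after the decode and reject the request explicitly, presumably the same way an invalid HMAC is rejected. The `json_decode(..., true)` assigned to `$referrerArray` in `Request::getReferringRequest()` needs the same check. Both functions start and continue outside their hunks, so how the values are used afterwards is not visible here.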
diff --git a/typo3/sysext/extbase/Classes/Mvc/Web/Request.php b/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
index 2f1d0572a102..a8fafa354566 100644
--- a/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
+++ b/typo3/sysext/extbase/Classes/Mvc/Web/Request.php
@@ -187,12 +187,8 @@ class Request extends \TYPO3\CMS\Extbase\Mvc\Request
     public function getReferringRequest()
     {
         if (isset($this->internalArguments['__referrer']['@request'])) {
-            $referrerArray = unserialize($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']));
+            $referrerArray = json_decode($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']), true);
             $arguments = [];
-            if (isset($this->internalArguments['__referrer']['arguments'])) {
-                // This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
-                $arguments = unserialize(base64_decode($this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['arguments'])));
-            }
             // todo: Creating a referring request object here with a new statement is strange.
             // todo: As request objects have inject methods and are still meant to be created via object manager,
             // todo: this creates a partly non functional object. This is ok here as only the arguments matter, but
diff --git a/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php b/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
index 87ab33f92767..4e13c73a1525 100644
--- a/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
+++ b/typo3/sysext/extbase/Tests/Functional/Mvc/Validation/ActionControllerValidationTest.php
@@ -80,7 +80,7 @@ class ActionControllerValidationTest extends FunctionalTestCase
         $referrerRequest['@action'] = 'testForm';
         $request->setArgument(
             '__referrer',
-            ['@request' => $this->getHashService()->appendHmac(serialize($referrerRequest))]
+            ['@request' => $this->getHashService()->appendHmac(json_encode($referrerRequest))]
         );
 
         while (!$request->isDispatched()) {
@@ -143,7 +143,7 @@ class ActionControllerValidationTest extends FunctionalTestCase
         $referrerRequest['@action'] = 'testForm';
         $request->setArgument(
             '__referrer',
-            ['@request' => $this->getHashService()->appendHmac(serialize($referrerRequest))]
+            ['@request' => $this->getHashService()->appendHmac(json_encode($referrerRequest))]
         );
 
         while (!$request->isDispatched()) {
diff --git a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
index 3c70fe64a199..a705b1100ed8 100644
--- a/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
+++ b/typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php
@@ -159,14 +159,14 @@ class MvcPropertyMappingConfigurationServiceTest extends UnitTestCase
         $hashService = $this->getMockBuilder($this->buildAccessibleProxy(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class))
             ->setMethods(['appendHmac'])
             ->getMock();
-        $hashService->expects($this->once())->method('appendHmac')->with(serialize($formFieldArray))->will($this->returnValue(serialize($formFieldArray) . $mockHash));
+        $hashService->expects($this->once())->method('appendHmac')->with(json_encode($formFieldArray))->will($this->returnValue(json_encode($formFieldArray) . $mockHash));
 
         $requestHashService = $this->getMockBuilder($this->buildAccessibleProxy(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class))
             ->setMethods(['dummy'])
             ->getMock();
         $requestHashService->_set('hashService', $hashService);
 
-        $expected = serialize($formFieldArray) . $mockHash;
+        $expected = json_encode($formFieldArray) . $mockHash;
         $actual = $requestHashService->_call('serializeAndHashFormFieldArray', $formFieldArray);
         $this->assertEquals($expected, $actual);
     }
@@ -302,7 +302,7 @@ class MvcPropertyMappingConfigurationServiceTest extends UnitTestCase
         $mockHashService = $this->getMockBuilder(\TYPO3\CMS\Extbase\Security\Cryptography\HashService::class)
             ->setMethods(['validateAndStripHmac'])
             ->getMock();
-        $mockHashService->expects($this->once())->method('validateAndStripHmac')->with('fooTrustedProperties')->will($this->returnValue(serialize($trustedProperties)));
+        $mockHashService->expects($this->once())->method('validateAndStripHmac')->with('fooTrustedProperties')->will($this->returnValue(json_encode($trustedProperties)));
 
         $requestHashService = $this->getAccessibleMock(\TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::class, ['dummy']);
         $requestHashService->_set('hashService', $mockHashService);
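Review bot: This test still covers only the happy path, because the mocked `validateAndStripHmac()` always returns well-formed JSON from `json_encode($trustedProperties)`. A second case where the mock returns a PHP-serialized string (the format used before this change) or otherwise invalid JSON would pin down what the service does when `json_decode()` yields `null`. That behaviour is currently unspecified. The test method starts and ends outside this hunk.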
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
index 937c3ba31f51..57c0e0cf34a8 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
@@ -268,8 +268,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
         $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@extension]') . '" value="' . $extensionName . '" />' . LF;
         $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@controller]') . '" value="' . $controllerName . '" />' . LF;
         $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@action]') . '" value="' . $actionName . '" />' . LF;
-        $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[arguments]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments())))) . '" />' . LF;
-        $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;
+        $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(json_encode($actionRequest))) . '" />' . LF;
 
         return $result;
     }
diff --git a/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php b/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
index 48b57876057b..1dcc63e400d1 100644
--- a/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
+++ b/typo3/sysext/fluid/Tests/Unit/ViewHelpers/FormViewHelperTest.php
@@ -258,7 +258,6 @@ class FormViewHelperTest extends ViewHelperBaseTestcase
         $expectedResult =  \chr(10) . '<input type="hidden" name="__referrer[@extension]" value="extensionName" />'
             . \chr(10) . '<input type="hidden" name="__referrer[@controller]" value="controllerName" />'
             . \chr(10) . '<input type="hidden" name="__referrer[@action]" value="controllerActionName" />'
-            . \chr(10) . '<input type="hidden" name="__referrer[arguments]" value="" />'
             . \chr(10) . '<input type="hidden" name="__referrer[@request]" value="" />' . \chr(10);
         $viewHelper->_set('tag', $this->tagBuilder);
         $this->assertEquals($expectedResult, $hiddenFields);
-- 
GitLab