Comma character in $arrFilterUrl

Open richardhj opened this issue 5 years ago • 9 comments

Checklist before I submit this issue report

I confirm that:

  • [x] I have tested this with the latest version available
  • [x] I have read documentation @ http://metamodels.readthedocs.org/en/ or http://metamodels.readthedocs.org/de/
  • [x] I have checked the Contao community forums for references https://community.contao.org/
  • [x] I have checked existing issues for duplicates and found none @ https://github.com/MetaModels/core/issues?q=is%3Aissue

My environment is:

(Please fill in the actual values from your environment)

Key Value Comments
PHP version: 7.3
Contao version: 4.7
MetaModels version: 2.1
Installation via composer: yes
Installed MetaModels packages: filter_fromto
DCG version: 2.1

Issue description

A comma in the filter URL will be handled as array delimiter.

Steps to reproduce

  1. Place a "fromto" filter on a decimal attribute in the frontend.
  2. If the user inputs a "comma", e.g. 20,00 instead of 20.00, the error will be thrown.

Live example:

https://www.ferienpass-luebeck.de/angebote/fee/20.00 OK

https://www.ferienpass-luebeck.de/angebote/fee/20,00 NOT OK

Stack trace: https://sentry.io/share/issue/ac77bf0c81e84605a381b4886d18c136/ where $arrFilterUrl =

{
  age: 8,
  available: 1,
  date: ,,
  fee: 20,00
}

Jun 25 '19 06:06 richardhj

If you have a look at the live example, a comma character is used as a delimiter character for the "date" filter! It is only malicious for the "fee" filter.

Jun 25 '19 06:06 richardhj

Well, the filter expects a number in English locale where you pass a German locale formatted number here.

As we do not have a locale setting for the decimal separator, I wonder how we can proceed here. :crying_cat_face:

Jun 25 '19 15:06 discordier

Can the character , somehow be urlencoded to %2C?

Jun 25 '19 15:06 richardhj

Which would still be wrong, as the decimal attribute wants a decimal value to filter later on.

The issue belongs to the fromto filter (and maybe also the range filter) anyway.

In there, only the decimal filtering is causing issues, as they do not handle anything aside from dates, numbers and decimals of which only the latter ones are affected.

Jun 25 '19 15:06 discordier

The decimal attribute casts the value to float and will therefore lose the decimal part ((float)"20,5" => double(20)).

I guess the best immediate solution is to build a kernel.request listener with high priority that swaps the value in the request post data prior to redirecting. The URL containing a comma however is plain wrong.

Jun 25 '19 15:06 discordier
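
Added example, not part of the thread or of MetaModels' code: one way to do the value swap suggested in the comment above, written as plain PHP that a kernel.request listener could call on the POST data. The function names and the assumption that a from/to filter posts its two bounds as an array under the parameter name are hypothetical; `fee` is the parameter from the report.

```php
<?php
declare(strict_types=1);

// Accept "20,00" or "20.00"; return dot-separated text, '' for an empty
// bound, or null when the input is not a plain decimal.
function canonicalDecimal(string $raw): ?string
{
    $raw = trim($raw);
    if ($raw === '') {
        return '';
    }
    // One optional separator only: no thousands grouping, no exponent.
    if (!preg_match('/^(-?\d+)(?:[.,](\d+))?$/', $raw, $m)) {
        return null;
    }
    return isset($m[2]) ? $m[1] . '.' . $m[2] : $m[1];
}

// Rewrite the named decimal parameters in submitted form data (assumed shape:
// a scalar or a [from, to] array). A parameter with any invalid bound is
// dropped, so it never reaches the filter URL.
function normalizeDecimalParams(array $post, array $decimalParams): array
{
    foreach ($decimalParams as $name) {
        if (!isset($post[$name])) {
            continue;
        }
        $clean = array_map(static function ($v) {
            return is_string($v) ? canonicalDecimal($v) : null;
        }, (array) $post[$name]);
        if (in_array(null, $clean, true)) {
            unset($post[$name]);
        } else {
            $post[$name] = $clean;
        }
    }
    return $post;
}

// Constructed sample input; only "fee" is treated as a decimal parameter.
$post = ['fee' => ['20,00', '35,5'], 'age' => '8'];
// The cast described in the thread: parsing stops at the comma.
var_dump((float) '20,5');
$post = normalizeDecimalParams($post, ['fee']);
// After normalisation the same cast keeps the fraction.
var_dump($post['fee'], (float) $post['fee'][1]);
// In the joined URL value the comma now only separates the two bounds.
var_dump(implode(',', $post['fee']));
```

Rejecting anything that is not a single plain decimal, rather than stripping characters until it parses, keeps grouped or otherwise ambiguous input such as `1.234,56` from being silently reinterpreted.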

Is it a bug or a feature?

Jul 12 '19 16:07 zonky2

Rather a known locale issue...

Jul 12 '19 18:07 discordier

The question is, which labels do we give to the issue? ... and milestone?

Jul 13 '19 09:07 zonky2

Related to https://github.com/MetaModels/core/issues/1261

May 05 '22 18:05 zonky2