core
core copied to clipboard
Comma character in $arrFilterUrl
Checklist before I submit this issue report
I confirm that:
- [x] I have tested this with the latest version available
- [x] I have read documentation @ http://metamodels.readthedocs.org/en/ or http://metamodels.readthedocs.org/de/
- [x] I have checked the Contao community forums for references https://community.contao.org/
- [x] I have checked existing issues for duplicates and found none @ https://github.com/MetaModels/core/issues?q=is%3Aissue
My environment is:
(Please fill in the actual values from your environment)
Key | Value | Comments |
---|---|---|
PHP version: | 7.3 | |
Contao version: | 4.7 | |
MetaModels version: | 2.1 | |
Installation via composer: | yes | |
Installed MetaModels packages: | filter_fromto | |
DCG version: | 2.1 |
Issue description
A comma in the filter URL will be handled as array delimiter.
Steps to reproduce
- Place a "fromto" filter on a decimal attribute in the frontend.
- If the user inputs a "comma", e.g.
20,00
instead of20.00
, the error will be thrown.
Live example: https://www.ferienpass-luebeck.de/angebote/fee/20.00 OK https://www.ferienpass-luebeck.de/angebote/fee/20,00 NOT OK
Stack trace: https://sentry.io/share/issue/ac77bf0c81e84605a381b4886d18c136/
where $arrFilterUrl
=
{
age: 8,
available: 1,
date: ,,
fee: 20,00
}
If you have a look at the live example, a comma character is used as a delimiter character for the "date" filter! It is only malicious for the "fee" filter.
Well, the filter expects a number in English locale where you pass a German locale formatted number here.
As we do not have a locale setting for the decimal separator, I wonder how we can proceed here. :crying_cat_face:
Can the character ,
somehow be urlencoded to %2C
?
Which would still be wrong, as the decimal attribute wants a decimal value to filter later on.
The issue belongs to the fromto
filter (and maybe also the range
filter) anyway.
In there, only the decimal filtering is causing issues, as they do not handle anything aside from dates, numbers and decimals of which only the latter ones are affected.
The decimal attribute casts the value to float and will therefore loose the decimal part ((float)"20,5"
=> double(20)
).
I guess the best immediate solution is to build a kernel.request
listener with high priority that swaps the value in the request post data prior redirecting. The URL containing a comma however is plain wrong.
it´s a bug or feature?
Rather a known locale issue...
The question is, which labels we give to the issue? ... and Milestone?
related with https://github.com/MetaModels/core/issues/1261