Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StringTemplateTrait does not fail for missing templates. #8554

Closed
2 of 3 tasks
thinkingmedia opened this issue Mar 27, 2016 · 2 comments
Closed
2 of 3 tasks

StringTemplateTrait does not fail for missing templates. #8554

thinkingmedia opened this issue Mar 27, 2016 · 2 comments
Labels
view
Milestone
3.3.0

Comments

@thinkingmedia
Copy link
Contributor

This is a (multiple allowed):

  • bug
  • enhancement
  • feature-discussion (RFC)
  • CakePHP Version: 3.2.1
  • Platform and Target: Apache, MySQL, Windows 10, PHP 7

What you did

Created a helper that uses the StringTemplateTrait.

class MyHelper extends Helper {
    use StringTemplateTrait;

    protected $_defaultConfig = [
       'templates' => [
             'Bar' => 'hello'
        ]
   ];

   public function Foo() {
       return $this->formatTemplate('Oops',[]);
   }
}

The template Oops does not exist.

Some where else like a view

     <?= $this->My->Foo()." world" ?>

The view still renders without error. No warning is given to the developer that the output is not as expected.

Expected Behavior

Should trigger an error that the template Oops does not exist.

Actual Behavior

The Foo() method returns null which mutates into an empty string. The rendered output for the view is world, but the expected output hello world is not generated.

I experienced this as a security bug in my app. The JavaScript code that was suppose to be injected into the view was from a template, but the name has a spelling mistake. The output for the view mutated the null into an empty string. This resulted in valid JavaScript code that was missing an important chunk from the template.
@markstory markstory added this to the 3.2.6 milestone Mar 28, 2016
@markstory
Copy link
Member

StringTemplate didn't raise exceptions on purpose to make it more tolerant of programmer error. However, you raise a good point that we should be helping developers find their mistakes.

@markstory markstory added the view label Mar 28, 2016
@markstory markstory modified the milestones: 3.3.0, 3.2.6 Mar 28, 2016
markstory added a commit that referenced this issue Mar 28, 2016
@markstory
Missing templates should raise exceptions.
64ec05c 
Missing templates are a signal that a developer has made a mistake.
We should help them find this error and an exception is the simplest way
to signal an error to the developer.

Refs #8554
markstory added a commit that referenced this issue Mar 28, 2016
@markstory
Missing templates should raise exceptions.
71c5e98 
Missing templates are a signal that a developer has made a mistake.
We should help them find this error and an exception is the simplest way
to signal an error to the developer.

Refs #8554
@markstory markstory mentioned this issue Mar 28, 2016
Merged
@markstory
Copy link
Member

Pull request #8555 up for 3.3.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
view
Projects
None yet
Milestone
3.3.0
Development

No branches or pull requests
2 participants
@markstory @thinkingmedia