Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.x]: action querystring parameter breaks routing to plugin controller #11435

Closed
peteeveleigh opened this issue Jun 14, 2022 · 2 comments
Closed

[4.x]: action querystring parameter breaks routing to plugin controller #11435

peteeveleigh opened this issue Jun 14, 2022 · 2 comments
Labels
bug craft4

Comments

@peteeveleigh
Copy link

peteeveleigh commented Jun 14, 2022
edited
Loading

What happened?

Description

I'm working on a plugin that receives GET requests from a 3rd party service. These requests contain the query parameter "action" and that parameter name cannot be changed.

I have spoken with @angrybrad about this and he pointed out the following code, https://github.com/craftcms/cms/blob/develop/src/web/Request.php#L1614-L1619
which is intercepting the request, finding the action parameter and attempts to route to a non-existent controller action.

For example, the service attempts to hit a controller like so;
https://craft4.clientsee.co.uk/actions/shipstationconnect/orders/process?action=export

This should hit our process action in the plugin's controller, where the action param is read and the appropriate services called. However, with the action parameter there, Craft will not route to the process action and instead attempts to find export which doesn't exist and so returns a 404. I have tried creating a controller action named export but this still isn't found.

The behaviour seems to be fairly recent as the Craft 3 version of the plugin is working just fine.

Could perhaps this parameter be ignored it if the path already contains the actions segment?
Or make this configurable? Or even removed completely?

Steps to reproduce

  1. Create a controller that you can hit with a regular browser request.
  2. Visit the URL for the controller, it should return a 200 response.
  3. Add ?action=something to the URL
  4. Visit the URL again, it will return a 404 response

Expected behavior

The controller URL should work regardless of any query string parameters

Actual behavior

Adding a querystring parameter named action will break the routing to the controller

Craft CMS version

4.0.4

PHP version

8.16

Operating system and version

Linux 4.15.0-118-generic

Database type and version

MySQL 5.7.38

Image driver and version

No response

Installed plugins and versions

None
@brandonkelly
Copy link
Member

Thanks for pointing that out! Looks like this was an unintended side effect of some refactoring work done in 0a77a06. Fixed for the next release – actions/* URIs now take precedence over the action query string param.

@sjcallender sjcallender mentioned this issue Jun 21, 2022
Closed
@brandonkelly
Copy link
Member

Craft 4.0.5 is out now with that fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug craft4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brandonkelly @peteeveleigh