New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
check a value is_scalar only on the database fields #8833
check a value is_scalar only on the database fields #8833
Conversation
In your example code is your |
Hello @robbieaverill Image is not a property, but an instance variable I was using to set on the dataobject. So what it does is if I do two assigns then it throws an error, because it tries to check whether the scalarValueOnly on the previously assigned variable. So by checking the current variable is only a field within the DB then it doesnt check the scalarValueOnly function. Does it make it clearer ? Cheers |
@fonsekaean Is this correct?
|
@kinglozzer Yup thats excatly the issue |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you add a simple unit test to cover this?
@@ -2677,8 +2677,7 @@ public function setField($fieldName, $val) { | |||
user_error('DataObject::setField: passed an object that is not a DBField', E_USER_WARNING); | |||
} | |||
|
|||
$dbField = $this->dbObject($fieldName); | |||
if ($dbField && $dbField->scalarValueOnly() && !empty($val) && !is_scalar($val)){ | |||
if ($this->db($fieldName) && ($dbField = $this->dbObject($fieldName)) && $dbField->scalarValueOnly() && !empty($val) && !is_scalar($val)){ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we reduce the line length here? I believe 120 is our hard-limit
if ($this->db($fieldName) && ($dbField = $this->dbObject($fieldName)) && $dbField->scalarValueOnly() && !empty($val) && !is_scalar($val)){ | |
$dbField = ($this->db($fieldName)) ? $this->dbObject($fieldName) : null; | |
if ($dbField && $dbField->scalarValueOnly() && !empty($val) && !is_scalar($val)){ |
This pull request hasn't had any activity for a while. Are you going to be doing further work on it, or would you prefer to close it now? |
It seems like there's going to be no further activity on this pull request, so we've closed it for now. Please open a new pull-request if you want to re-approach this work, or for anything else you think could be fixed or improved. |
The new security check
scalarValueOnly
affects on any of the variables assigned on to a data object regardless its going to be saved on to the database or not.By adding an extra check on the condition to see whether the field is actually going to be stored in the database it still let you set / overwrite the values on to a data object.
Thanks for contributing, you're awesome! ⭐
Please describe expected and observed behaviour, and what you're fixing.
For visual fixes, please include tested browsers and screenshots.
Search for related existing issues and link to them if possible.
Please read https://docs.silverstripe.org/en/contributing/code/