Retrieve "class" and "subPage" from form attributes even when urlencoded #13090
Conversation
|
(Standard links)
|
| @@ -142,7 +142,14 @@ public static function process(&$form) { | |||
| switch ($className) { | |||
| case 'Contribute': | |||
| $attributes = $form->getVar('_attributes'); | |||
| $class = strtolower(basename(CRM_Utils_Array::value('action', $attributes))); | |||
| $rawUrl = CRM_Utils_Array::value('action', $attributes); | |||
There was a problem hiding this comment.
@christianwach we seem to be repeating the same code 4 places - maybe add a function on CRM_Utils_Request class or CRM_Utils_String (I think the former has the url() function) & call that?
There was a problem hiding this comment.
@eileenmcnaughton Fair point. I had considered this but wasn't sure where to locate such a method - thanks for the suggestion.
|
@xurizaemon @totten @seamuslee001 this needs a quick security vetting I think |
|
@eileenmcnaughton I have tested this in D7 and WP and it solves the issue described on WP while not affecting D7 at all. Your comments make sense. So the only issue is do we have time to get this in to 5.8 or do we need to punt this PR and the earlier committed one #13043 to master/5.9 |
|
So looking at this before after Agree with Eileen on the code cleanup routine. @christianwach @kcristiano if the code duplication issue can be resolve then i am happy for this to got into 5.8 given the other PR is in 5.8. Noting 5.8 is the December release so we have ~2 weeks left in RC |
|
@kcristiano I'm impressed that you caught this and by your and @christianwach efforts to get this fixed for 5.8. Let me know if you would like me to test :). |
|
@alifrumin we love testing so please do and Thank You |
|
Closed in favour of #13099 |
Overview
Fixes problems associated with Contribution Page forms and Event Management forms as described in this comment by @kcristiano.
The issue has appeared since #13043 because the existing code relied on URLs not being URL-endcoded to tease out the component for the active tab. Please see the discussion on the linked issue for further details.
Before
The component is misidentified by parsing the
actionattribute of theformobject usingbasename(), but fails because theqvariable is (properly) URL-encoded since #13043.After
The component is correctly identified by parsing the
actionattribute of theformobject usingbasename()by not assuming that the URL is in its raw state. The new code URL-decodes theactionURL when needed before teasing out the component name.Comments
This only fails in WordPress because Drupal uses clean URLs by default and WordPress can never use clean URLs in
wp-adminbecause everything is routed throughwp-admin/admin.php.