33589 fix array values in catalogsearch parameters #33682
Conversation
|
Hi @SilinMykola. Thank you for your contribution
❗ Automated tests can be triggered manually with an appropriate comment:
You can find more information about the builds here ℹ️ Please run only needed test builds instead of all when developing. Please run all test builds before sending your PR for review. For more details, please, review the Magento Contributor Guide documentation. 🕙 You can find the schedule on the Magento Community Calendar page. 📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, please join the Community Contributions Triage session to discuss the appropriate ticket. 🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel ✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel |
m2-community-project
bot
added
the
Priority: P2
magento-engcom-team
added
Component: CatalogSearch
Release Line: 2.4
Partner: Atwix
|
@magento run all tests |
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
m2-community-project
bot
added
Progress: review
and removed
Progress: pending review
labels
|
@magento give me test instance |
|
Hi @andrewbess. Thank you for your request. I'm working on Magento instance for you. |
|
Hi @andrewbess, unfortunately there is no ability to deploy Magento instance at the moment. Please try again later. |
There was a problem hiding this comment.
Hi @SilinMykola, could you please cover these changes by an integration test?
Thank you.
m2-community-project
bot
added
Progress: needs update
and removed
Progress: review
labels
|
@magento give me test instance |
|
Hi @andrewbess. Thank you for your request. I'm working on Magento instance for you. |
|
Hi @andrewbess, here is your Magento Instance: https://a3fe9860c4997848dc40cb217d7c0332.instances.magento-community.engineering |
|
@magento run all tests |
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
Hi! @eduard13 ! Ok, I'll create integration test for this model. |
|
@SilinMykola, additionally, could you please check how the |
| if (is_array($value['from'])) { | ||
| $value['from'] = $this->getFirstArrayElement($value['from']); | ||
| } | ||
| if (is_array($value['to'])) { | ||
| $value['to'] = $this->getFirstArrayElement($value['to']); | ||
| } |
There was a problem hiding this comment.
I think, in case if we got an incorrect type - it's better to do assume that this parameter doesn't exist at all. I think we're expecting here the only string.
There was a problem hiding this comment.
@ihor-sviziev Hi! May be you are right and we should create a redirect if $value['from'] or $value['to'] is array. But I think we can check this arrays for some values and create a valid response.
cc: @andrewbess, @eduard13
There was a problem hiding this comment.
@SilinMykola I'm agree with @ihor-sviziev that we should ignore this parameter if it's not valid instead of trying to understand what we received and extract some data from it.
Looks like patch for all occasions.
There was a problem hiding this comment.
Ok, @Den4ik! Locally I removed this code and work on tests.
There was a problem hiding this comment.
The following comment is related to this discussion #33589 (comment)
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
|
@SilinMykola Please check failed integration tests |
|
@magento run all tests |
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
|
@magento run Functional Tests EE |
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
|
The requested builds are added to the queue. You should be able to see them here within a few minutes. Please re-request them if they don't show in a reasonable amount of time. |
There was a problem hiding this comment.
After discussion with @SilinMykola in slack and test possible one another solution I approve this PR as easiest an fast solution for now.
@SilinMykola Thanks for the work
m2-community-project
bot
added
Progress: ready for testing
and removed
Progress: needs update
labels
|
Hi @Den4ik, thank you for the review.
|
Den4ik
added
the
Auto-Tests: Covered
|
Hi @ihor-sviziev, thank you for the review. |
m2-community-project
bot
added
Progress: testing in progress
and removed
Progress: ready for testing
labels
|
✔️ QA Passed Preconditions:
Manual testing scenario:
Before: ✖️ Used to get an error message
After: ✔️ Gives the search result information With no result data With result data There is no additional regression is required since it is a specific case where we are doing an URL tampering. It has no impact on any other features as well. |
m2-community-project
bot
added
Progress: accept
and removed
Progress: testing in progress
labels
|
Hi @SilinMykola, thank you for your contribution! |
Description (*)
I changed a method that prepare values for advanced search. Model:
\Magento\CatalogSearch\Model\AdvancedFixed Issues (if relevant)
Manual testing scenarios (*)
/catalogsearch/advanced/result/?price[from][]=1&price[to]=1For example:
htps://base_url/catalogsearch/advanced/result/?price[from][]=1&price[to]=1Contribution checklist (*)