Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exists? returns false positives when query string begins with a number #971

Open
corwinstephen opened this issue Jun 17, 2021 · 6 comments
Open

exists? returns false positives when query string begins with a number #971

corwinstephen opened this issue Jun 17, 2021 · 6 comments
Labels
pinned

Comments

@corwinstephen
Copy link

The exists method falls back on ActiveRecord's implementation which runs to_i on the input string. This means that if the slug you're searching for begins with a number, you'll get a false positive. Model.friendly.exists?('2something') ultimately performs Model.exists?(2), which usually returns true.
@parndt
Copy link
Collaborator

parndt commented Jun 21, 2021
edited

@corwinstephen thanks! Do you think we need to do something like return false if input.to_i.to_s != input?

@corwinstephen
Copy link
Author

corwinstephen commented Jun 22, 2021
edited

@parndt were it up to me, I might argue that

friendly_id/lib/friendly_id/finder_methods.rb

Line 31 in 6a8b54e

super
should be changed to false, though that may have other consequences I'm not aware of. An alternative could be to explicitly check to see if input.to_i != 0 there and return false if it is, and only call super after that.

It's a little bit of a tricky situation since ActiveRecord itself allows you to pass non-integer values to find, so we'd be modifying Rails behavior. But at the same time, that should only ever be a problem if someone were using friendly_id in combination with a non-numeric primary key, which would totally break anyway, so maybe that's not an issue?

@parndt
Copy link
Collaborator

parndt commented Jun 22, 2021

What I was meaning is that we should be using friendly ID behaviour if the slug is not fully numeric, which is what I meant by input.to_i.to_s != input - in this case we should be searching our database for a slug matching that. In the case where they are the same we can ask the upstream (ActiveRecord) for its result as it's numeric.

Does that help?

@corwinstephen
Copy link
Author

corwinstephen commented Jun 23, 2021
edited

@parndt if I'm not mistaken, that's what already happens. The problem stems from the fact that if the search for the friendly_id slug doesn't return anything, we then call super, which is where the false positive comes from. This differs from the implementation of model.friendly.find in that find raises an exception if nothing matches the slug whereas exists? calls super. I think we could get parity between the two methods by returning false instead.

@parndt
Copy link
Collaborator

parndt commented Jun 24, 2021
edited

yes, I think you're right @corwinstephen - if people are using model.friendly.find and the slug doesn't exist then we shouldn't then ask the upstream. Would you like to open a pull request please so that we can see how the tests deal with this change?

@stale
Copy link

stale bot commented Sep 19, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Sep 19, 2021
@parndt parndt added the pinned label Sep 20, 2021
@stale stale bot removed the stale label Sep 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pinned
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@parndt @corwinstephen