New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Increase parser arrayLimit to 100 #7430
Conversation
459faa2
to
032c3bd
Compare
Codecov Report
@@ Coverage Diff @@
## master #7430 +/- ##
==========================================
- Coverage 26.23% 26.21% -0.02%
==========================================
Files 1131 1131
Lines 15431 15440 +9
Branches 2442 2438 -4
==========================================
Hits 4048 4048
- Misses 9564 9576 +12
+ Partials 1819 1816 -3
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
@alexandrebodin is this something the user can just customize themselves within the middleware.js config file? |
@@ -16,7 +16,7 @@ const addQsParser = app => { | |||
get() { | |||
const qstr = this.querystring; | |||
const cache = (this._querycache = this._querycache || {}); | |||
return cache[qstr] || (cache[qstr] = qs.parse(qstr, { depth: 20 })); | |||
return cache[qstr] || (cache[qstr] = qs.parse(qstr, { arrayLimit: 100, depth: 20 })); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should alow passing some options so we can have a sensible default and leave the rest to the user.
We can achieve this by adding a queryStringParser
to strapi.config.middleware.settings.parser
and setting the default in the default.json and passing the option to the addQsParser
fn. We need to make sure we do not pass the option to koa-body though.
032c3bd
to
d932f8b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's make it even more flexible for the users
d932f8b
to
458184f
Compare
@drj17 @derrickmehaffy can you add work together on adding this to the doc :) |
Signed-off-by: David Janas <davidjanasr@gmail.com>
8ce70b8
to
91cda82
Compare
Hi @derrickmehaffy, I took a first pass at adding it to the docs. Let me know if there are any changes you'd like me to make! Whoops. Looks like prettier messed up my formatting :( |
91cda82
to
3de4f19
Compare
Signed-off-by: David Janas <davidjanasr@gmail.com>
3de4f19
to
5d6cf98
Compare
release 3.1.4 please! i am waiting for bug fix a week already.... |
I posted a work-around here if you need a quick fix |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good to me ! nice job :)
Description of what you did:
Updated the arrayLimit in the parser to 100 (arbitrarily). There might be a better number to use here, but it's causing issues when trying to do a where [field]_in query with a list of more than 20 items (see the tagged issue) using GraphQL. You could theoretically use
Infinite
here but that might open things up to abuse.Fix #5995