[HttpFoundation] Deprecation error null not allowed InputBag::set() #37100
Comments
krioo
changed the title
|
This looks a lot like #36725 |
|
Is it a hack? I would rather see it as an IO-Result Either the body is a form, in this cases you're reasoning is very valid. but modern infrastructure shifts toward json bodys or other content. which are not really "parameters" since they are content type json. if the whole body is JSON and JSON has the allowed type of null it does make sense to allow null values. Personally I would say that's a monomorphism/transforming or a strategy/adapter pattern -> the input which can be CT1 | CT2 -> IT (content-type1, content-type2 should become input-type (input interface)). So as a developer I would expect it to work in a defined way. Esp since bundles implemented it in a similar way. Maybe I am missing the real implications in the Framework that make it "bad" to use null values. Because if there are no directly affected parts one might argue it's primarily a question of taste. I don't mean any disrespect just thinking out loud here. |
|
What's wrong with something like IMHO |
|
I see the reasoning behind $_POST/$_GET. I still can be hacky as long as I cast it to string? or any other scalar value which would be in this union type variance? and arrays? The rest of possible assumptions aside. what's the purpose and how do we benefit from it not being null? |
@ro0NL My answer referred to a comment in the reference ticket provided by @nicolas-grekas and the question is still the same, what's the benefit because it's defined as
you see my problem with the implementation? and why I mentioned the scalars as union types? I know of PHP-Type coercion problems, so it's not I don't get why or how you got there. I just would like to understand the underlying reasoning and conclusions why. Currently I got
the programmer in me accepts the "you can do it that way" the CS-person is basically confused by the variance/implementation. |
|
i agree there are few unclarities :) see also #34363 (comment) I think ultimately it'll rely on implicit string casting when accessed: https://3v4l.org/IIWBt But then we should actually cast it today manually for consistent behavior (e.g. the same behavior with or without a real return type). The array case should probably validated/documented to be InputBag is meant to make accessing single/multi values explict ( I tend to agree the same case may apply to JSON decoded payloads. So yes, given |
|
The request's body is not always populated via Anyone up for a PR? |
|
I don't think that addresses the original issue. It's a pretty common pattern in projects I've worked on to replace the request parameters with decoded JSON which might contain null values. I know a request attribute could be used here instead, but that means everything has to know to examine that attribute instead of using |
Can you explain why? Isn't my proposal compatible with extracting request values from json bodies? |
|
Generally, I will have an event listener which looks something like this: public function onKernelController(ControllerEvent $event) : void
{
$request = $event->getRequest();
if ($request->getContentType() !== 'json' || empty($request->getContent())) {
return;
}
try {
$payload = json_decode($request->getContent(), true, 512, JSON_THROW_ON_ERROR);
} catch (JsonException $exception) {
throw new BadRequestHttpException('Invalid JSON body.', $exception);
}
$request->request->replace(is_array($payload) ? $payload : []);Assuming the request method causes BTW, I have worked around this for now by simply replacing the entire $request->request = new ParameterBag(is_array($payload) ? $payload : []);As a side note, the change has also caused some issues elsewhere in my APIs - for example I will often accept a list of sort keys in the query string for lists resources, and for client convenience I will accept a single string or an array of strings. This seems to be pretty much incompatible with the new // Previously: $request->query->get('sort');
$status = $request->query->all()['sort'] ?? null;Not a huge deal, but seems a little more clumsy to use. |
PHP also checks the content-type before populating
yes, that's on purpose: most ppl don't use query parameters in the way you describe - the defaults are to make them safer. Now, it also means some use cases will need to adapt. You just described one :) |
Ah of course, Is this just a case of changing: $this->request = new InputBag($request);to: $this->request = empty($_POST) ? new ParameterBag($request) : new InputBag($request);in |
|
im still generally curious why e.g. if a user is posting
it's also used for $_GET/$_COOKIE (edit: oh that's per property decided ofc.). I agree setting null values manually makes less sense, but we can argue about the mutability of InputBag in the first place. |
|
The request object is mutable. Immutability is provided by cloning, that's the design. |
|
See #37265 |
|
Still I am against the For instance, you might have listeners that are running after authentication, that are agnostic of the content-type of the request and ppl will be driven to use always the I changed my $login = $request->request->get('login');
return \is_array($login) && isset($login['username']) && isset($login['password']) && isset($login['_token']);to: $request = $request->request->all();
if (!isset($request['login'])) {
return false;
}
$login = $request['login'];
return \is_array($login) && isset($login['username']) && isset($login['password']) && isset($login['_token']);Trivial changes you might say.. but I don't find the benefit.. I still need to check the Some more:
From here
From my issue before.. The solution suggested there above kills the api of |
…f data is coming from a form (nicolas-grekas) This PR was merged into the 5.1 branch. Discussion ---------- [HttpFoundation] use InputBag for Request::$request only if data is coming from a form | Q | A | ------------- | --- | Branch? | 5.1 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #37100 | License | MIT | Doc PR | - Commits ------- 786ba10 [HttpFoundation] use InputBag for Request::$request only if data is coming from a form
…sademont) This PR was merged into the 5.3-dev branch. Discussion ---------- [HttpFoundation] Use InputBag for POST requests too | Q | A | ------------- | --- | Branch? | 5.x | Bug fix? | no | New feature? | no | Deprecations? | no | Tickets | Partially revert #37265 | License | MIT | Doc PR | - #37265 was created as a fix for #37100. However, when #37327 was merged, the original bug was also fixed with a different solution (allowing null values on `InputBag::set`) and parts of #37265 are not needed anymore. By using only `InputBag` as the `$request` bag we can tighten the typehint again and make static analysis a bit more useful. Commits ------- 381a0a1 use InputBag for POST requests too, added missing scalar type hints
Symfony version(s) affected: 5.1.0
Description
Calling
InputBag::set()with the second argument set tonulltriggers deprecation error:This behaviour causes issues when replacing JSON request body with the JSON decoded value as JSON supports null values.
How to reproduce
Possible Solution
Allow null values by adding
is_null(), since the currently usedis_scalar(null)returnsfalse: https://www.php.net/manual/en/function.is-scalar.phpThe text was updated successfully, but these errors were encountered: