Contrib.social

EPP fails if token value begins with YAML-like structure

Open on Drupal.org →
Created on 30 November 2023, over 1 year ago
Updated 1 December 2023, over 1 year ago

Problem/Motivation

EPP can fail silently if:

  1. The epp value field contains no YAML, and
  2. The token's replaced value begins with something that can be parsed as a YAML key-value pair—a string followed by a colon followed by a space—e.g. email address: example@example.com

After tokens are replaced, the result is parsed for YAML (epp.module, line 42) and stored in $value. Given the example value above, $value becomes an array [ email address: "example@example.com" ] rather than the expected "email address: example@example.com".

The target field receives no value, as it doesn't have a property named 'email address'. (The value was successfully parsed, though, so there is no exception or error).

Steps to reproduce

  1. Visit Basic Site Settings and set Slogan to a YAML-like value—e.g. "My Site: The Best Site on the Web"
  2. Set the EPP value for any entity field to [site:slogan]
  3. Create a new instance of that entity -- the field is not prepopulated.

Note: If the EPP value does contain YAML, e.g. some_property: [site:slogan], parsing will fail, the exception will be logged and a warning will appear on the page as $value will be undefined.

Proposed resolution

I'm not sure. Maybe rawurlencode() token values, then rawurldecode() after parsing? Or perhaps just "encode", then "decode" spaces?

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

🇺🇸United States justcaldwell Austin, Texas

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @justcaldwell
  • Comment over 1 year ago
    🇺🇸United States justcaldwell Austin, Texas

    Updating the IS and title to be more exact. This is an issue when the replaced token value begins with YAML-like syntax.

    Also just want to note that other YAML-like structures in replaced values will also parse to undesired results in $value. For example, a token value of [ foo, bar, baz ] results in a $value of:

    [
  0: "foo",
  1: "bar",
  2: "baz",
]

    A bit of a contrived value for sure, but rules out the "replace colon space with colon  " kludge.

  • Comment over 1 year ago
    🇺🇸United States justcaldwell Austin, Texas
  • Comment over 1 year ago
    🇺🇸United States justcaldwell Austin, Texas

    Regarding rawurlencode/rawurldecode-ing token values:

    Using rawurlencode() on replaced token values has potential, as it maps pretty nicely to YAML's special/reserved characters. But, especially where formatted text (html) is involved, it's very likely to produce values that will throw exceptions when sent to the YAML parser (e.g. strings that start with "%"), so the entire values also need to wrapped in quotes.

    Once parsed, replaced values would then need to be un-quoted and passed through rawurldecode(). Depending on what was actually in the EPP value field, that can get tricky. Was there YAML? We need to recurse through any resulting array. What if there was other text in the field? [Scratches head].

  • Comment over 1 year ago
    🇺🇸United States justcaldwell Austin, Texas

    Here's a patch that does a bit of "custom encoding/decoding" to prevent replaced token content from being parsed as YAML key/value pairs. This doesn't address the "other YAML-like structures" I mentioned in #2.

    I didn't start a branch or open an MR, as I feel like this is only a temporary/partial fix, but might be the basis for more robust solution.

  • Status changed to Needs review over 1 year ago
  • Comment over 1 year ago
    🇺🇸United States justcaldwell Austin, Texas
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024