Contrib.social

Encode plugin: only call function from the available options

Open on Drupal.org →
Created on 13 October 2024, 3 months ago

Problem/Motivation

In \Drupal\tamper\Plugin\Tamper\Encode::tamper() a function is called without checking if this function is one of the provided options. This could potentially do harm when in the config file a function is set that is not one of the options.

Right now it is implemented as follows:

$function = $this->getSetting(self::SETTING_MODE);

if (function_exists($function)) {
  $data = call_user_func($function, $data);
}

Proposed resolution

Add a switch() statement to only call the user function when needed. For the options 'yaml_encode' and 'yaml_decode' there should not be a function call with these names, a method from Symfony\Component\Yaml\Yaml should be called instead.

Since there is no test coverage yet for encoding/decoding JSON, test cases for these need to be added to, to ensure these still work after the changes.

Remaining tasks

  1. Change implementation of \Drupal\tamper\Plugin\Tamper\Encode::tamper() (see proposed resolution)
  2. Add test cases for JSON encoding/decoding

User interface changes

None.

API changes

None.

Data model changes

None.

📌 Task
Status

Active

Version

1.0

Component

Code

Created by

🇳🇱Netherlands megachriz

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024