Contrib.social

Validation Needed in AjaxPageState->parseAjaxPageState()

Open on Drupal.org β†’
Created on 19 December 2024, 4 months ago

Problem/Motivation

tldr; AJAX calls were failing with the following warnings/errors:

  • Warning: Undefined array key "libraries" in Drupal\Core\StackMiddleware\AjaxPageState->parseAjaxPageState() (line 50 of /app/docroot/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php)
  • TypeError: Drupal\Component\Utility\UrlHelper::uncompressQueryParameter(): Argument #1 ($compressed) must be of type string, null given, called in /app/docroot/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php on line 50 in Drupal\Component\Utility\UrlHelper::uncompressQueryParameter() (line 106 of /app/docroot/core/lib/Drupal/Component/Utility/UrlHelper.php)

Steps to reproduce

TBH, I don't know how we managed to get an AJAX call where $ajax_page_state has no index 'libraries'. It seems to be a CiviServe component.

Proposed resolution

Add basic validation like:

    if (isset($ajax_page_state['libraries']) && is_string($ajax_page_state['libraries'])) {
      $ajax_page_state['libraries'] = UrlHelper::uncompressQueryParameter($ajax_page_state['libraries']);
    }

Remaining tasks

User interface changes

Introduced terminology

API changes

Data model changes

Release notes snippet

πŸ› Bug report
Status

Active

Version

10.3 ✨

Component

ajax system

Created by

πŸ‡ΊπŸ‡ΈUnited States JasonSafro

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @JasonSafro
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States JasonSafro
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States JasonSafro
  • Merge request !10621Issue 3495006: Added validation to confirm array index exists and contains the... β†’ (Open) created by Unnamed author
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States JasonSafro
  • Pipeline finished with Success
    4 months ago
    Total: 768s
    #373845
  • Comment 4 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    Thanks for reporting, will need a test case showing the issue as a next step.

  • Comment 2 months ago β†’
    πŸ‡ΊπŸ‡ΈUnited States msielski

    Experiencing this issue on a Drupal 10.3.10 site. We have determined it was only happening during bot attacks, where URLs are presumably scraped and query parameters are added/removed/edited in an attempt to spider or disrupt the site. Here are steps to reproduce the issue, tested on clean builds of 10.3.10 and 11.1.3-dev:

    Steps to reproduce

    1. Create some test articles.
    2. Create a new view of articles, enable the full pager and set items per page to 1.
    3. Enable Ajax for the view.
    4. Create a page display for the view at /test.
    5. Save the view.
    6. Browse to /test.
    7. Enable browser's network debugging tool.
    8. Click the second page of the view.
    9. Find the HTTP AJAX request, which may look like:
      https://site/views/ajax?_wrapper_format=drupal_ajax&view_name=test&view_display_id=page_1&view_args=&view_path=/test&view_base_path=test&view_dom_id=a71c9a697ac4831fa5c5281c623d052920645d92a60c87b912bcdd45de69da8b&pager_element=0&page=1&_drupal_ajax=1&ajax_page_state[theme]=olivero&ajax_page_state[theme_token]=&ajax_page_state[libraries]=eJx9TluOwjAMvFDSnIGTrJxkAO-mcWSnLb39FkRAy8f-WPPyaCJfvho3hPgELkntuPWFSsi6NCrTW_GF64_9H-kiJZIeIcWwKXVe8fh2Ug6oEs5AfpFKK1-os1RvOMoy6f4ym2xQZB93H4ukd4WBNF19JVXZPtWNM5xdRXta-hgyuLPdOuYQyeCei8NY_sEnWKKGU565usWgo-yOJz7WmlsZm4XHneibbn-EWfJS8AtbJ40k
    10. Copy this URL and delete the ajax_page_state[libraries] parameter, ending up with:
      https://site/views/ajax?_wrapper_format=drupal_ajax&view_name=test&view_display_id=page_1&view_args=&view_path=/test&view_base_path=test&view_dom_id=a71c9a697ac4831fa5c5281c623d052920645d92a60c87b912bcdd45de69da8b&pager_element=0&page=1&_drupal_ajax=1&ajax_page_state[theme]=olivero&ajax_page_state[theme_token]=
    11. Attempt to access this URL, and receive the reported error:

      The website encountered an unexpected error. Try again later.
TypeError: Drupal\Component\Utility\UrlHelper::uncompressQueryParameter(): Argument #1 ($compressed) must be of type string, null given, called in /var/lib/tugboat/stm/web/core/lib/Drupal/Core/StackMiddleware/AjaxPageState.php on line 50 in Drupal\Component\Utility\UrlHelper::uncompressQueryParameter() (line 103 of core/lib/Drupal/Component/Utility/UrlHelper.php).

Drupal\Component\Utility\UrlHelper::uncompressQueryParameter() (Line: 50)
Drupal\Core\StackMiddleware\AjaxPageState->parseAjaxPageState() (Line: 33)
Drupal\Core\StackMiddleware\AjaxPageState->handle() (Line: 51)
Drupal\Core\StackMiddleware\StackedHttpKernel->handle() (Line: 709)
Drupal\Core\DrupalKernel->handle() (Line: 19)
contrib.social Blog FAQ Discussions
Production build 0.71.5 2024