Improve error passing task IDs as URL parameter in invalid format

@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

phorge phabricator

fork

Summary:
Maniphest expects the values of the `ids` URL parameter to be integers. Example: http://phorge.localhost/maniphest/?ids=1,2,3,4 to show a list of tasks with those IDs.
When passing monograms instead (`T` prefix, like `T123` instead of `123`), a cryptic message `Expected a numeric scalar or null for %Ld conversion` is shown.

Thus check if `$this->taskIDs` consists of integers only; if not throw a `PhutilSearchQueryCompilerSyntaxException` with an explanatory error message.

Closes T15838

Test Plan: Go to http://phorge.localhost/maniphest/?ids=T1,T2,T3,T4 before and after applying the patch.

Reviewers: O1 Blessed Committers, avivey

Reviewed By: O1 Blessed Committers, avivey

Subscribers: avivey, tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15838

Differential Revision: https://we.phorge.it/D25669

Andre Klapper 2 years ago 4bf5c452 40b1e6b1

1 changed file

expand all

src

applications

maniphest

query

ManiphestTaskQuery.php

src/applications/maniphest/query/ManiphestTaskQuery.php

··· 358 358 $where[] = $this->buildOwnerWhereClause($conn); 359 359 360 360 if ($this->taskIDs !== null) { 361 + if (!ctype_digit(implode('', $this->taskIDs))) { 362 + throw new PhutilSearchQueryCompilerSyntaxException( 363 + pht('Task IDs must be integer numbers.')); 364 + } 361 365 $where[] = qsprintf( 362 366 $conn, 363 367 'task.id in (%Ld)',

Configure Feed

Configure Feed