+2 -2

src/applications/conduit/call/ConduitCall.php

reviewed

··· 15 15 private $request; 16 16 private $user; 17 17 18 18 - public function __construct($method, array $params) { 18 18 + public function __construct($method, array $params, $strictly_typed = true) { 19 19 $this->method = $method; 20 20 $this->handler = $this->buildMethodHandler($method); 21 21 ··· 41 41 "'".implode("', '", array_keys($invalid_params))."'")); 42 42 } 43 43 44 44 - $this->request = new ConduitAPIRequest($params); 44 44 + $this->request = new ConduitAPIRequest($params, $strictly_typed); 45 45 } 46 46 47 47 public function getAPIRequest() {

+7 -5

src/applications/conduit/controller/PhabricatorConduitAPIController.php

reviewed

··· 25 25 26 26 try { 27 27 28 28 - list($metadata, $params) = $this->decodeConduitParams($request, $method); 28 28 + list($metadata, $params, $strictly_typed) = $this->decodeConduitParams( 29 29 + $request, 30 30 + $method); 29 31 30 30 - $call = new ConduitCall($method, $params); 32 32 + $call = new ConduitCall($method, $params, $strictly_typed); 31 33 $method_implementation = $call->getMethodImplementation(); 32 34 33 35 $result = null; ··· 638 640 $metadata = idx($params, '__conduit__', array()); 639 641 unset($params['__conduit__']); 640 642 641 641 - return array($metadata, $params); 643 643 + return array($metadata, $params, true); 642 644 } 643 645 644 646 // Otherwise, look for a single parameter called 'params' which has the ··· 659 661 $metadata = idx($params, '__conduit__', array()); 660 662 unset($params['__conduit__']); 661 663 662 662 - return array($metadata, $params); 664 664 + return array($metadata, $params, true); 663 665 } 664 666 665 667 // If we do not have `params`, assume this is a simple HTTP request with ··· 675 677 } 676 678 } 677 679 678 678 - return array($metadata, $params); 680 680 + return array($metadata, $params, false); 679 681 } 680 682 681 683 private function authorizeOAuthMethodAccess(

+3 -11

src/applications/conduit/parametertype/ConduitBoolParameterType.php

reviewed

··· 3 3 final class ConduitBoolParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 8 8 - 9 9 - if (!is_bool($value)) { 10 10 - $this->raiseValidationException( 11 11 - $request, 12 12 - $key, 13 13 - pht('Expected boolean (true or false), got something else.')); 14 14 - } 15 15 - 16 16 - return $value; 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 + return $this->parseBoolValue($request, $key, $value, $strict); 17 9 } 18 10 19 11 protected function getParameterTypeName() {

+2 -2

src/applications/conduit/parametertype/ConduitColumnsParameterType.php

reviewed

··· 3 3 final class ConduitColumnsParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 // We don't do any meaningful validation here because the transaction 8 8 // itself validates everything and the input format is flexible. 9 9 - return parent::getParameterValue($request, $key); 9 9 + return parent::getParameterValue($request, $key, $strict); 10 10 } 11 11 12 12 protected function getParameterTypeName() {

+3 -9

src/applications/conduit/parametertype/ConduitEpochParameterType.php

reviewed

··· 3 3 final class ConduitEpochParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 8 8 - 9 9 - if (!is_int($value)) { 10 10 - $this->raiseValidationException( 11 11 - $request, 12 12 - $key, 13 13 - pht('Expected epoch timestamp as integer, got something else.')); 14 14 - } 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 + $value = $this->parseIntValue($request, $key, $value, $strict); 15 9 16 10 if ($value <= 0) { 17 11 $this->raiseValidationException(

+3 -11

src/applications/conduit/parametertype/ConduitIntListParameterType.php

reviewed

··· 3 3 final class ConduitIntListParameterType 4 4 extends ConduitListParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $list = parent::getParameterValue($request, $key); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $list = parent::getParameterValue($request, $key, $strict); 8 8 9 9 foreach ($list as $idx => $item) { 10 10 - if (!is_int($item)) { 11 11 - $this->raiseValidationException( 12 12 - $request, 13 13 - $key, 14 14 - pht( 15 15 - 'Expected a list of integers, but item with index "%s" is '. 16 16 - 'not an integer.', 17 17 - $idx)); 18 18 - } 10 10 + $list[$idx] = $this->parseIntValue($request, $key.'['.$idx.']', $item); 19 11 } 20 12 21 13 return $list;

+3 -11

src/applications/conduit/parametertype/ConduitIntParameterType.php

reviewed

··· 3 3 final class ConduitIntParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 8 8 - 9 9 - if (!is_int($value)) { 10 10 - $this->raiseValidationException( 11 11 - $request, 12 12 - $key, 13 13 - pht('Expected integer, got something else.')); 14 14 - } 15 15 - 16 16 - return $value; 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 + return $this->parseIntValue($request, $key, $value, $strict); 17 9 } 18 10 19 11 protected function getParameterTypeName() {

+13 -12

src/applications/conduit/parametertype/ConduitListParameterType.php

reviewed

··· 14 14 return $this->allowEmptyList; 15 15 } 16 16 17 17 - protected function getParameterValue(array $request, $key) { 18 18 - $value = parent::getParameterValue($request, $key); 17 17 + protected function getParameterValue(array $request, $key, $strict) { 18 18 + $value = parent::getParameterValue($request, $key, $strict); 19 19 20 20 if (!is_array($value)) { 21 21 $this->raiseValidationException( ··· 48 48 return $value; 49 49 } 50 50 51 51 - protected function validateStringList(array $request, $key, array $list) { 51 51 + protected function parseStringList( 52 52 + array $request, 53 53 + $key, 54 54 + array $list, 55 55 + $strict) { 56 56 + 52 57 foreach ($list as $idx => $item) { 53 53 - if (!is_string($item)) { 54 54 - $this->raiseValidationException( 55 55 - $request, 56 56 - $key, 57 57 - pht( 58 58 - 'Expected a list of strings, but item with index "%s" is '. 59 59 - 'not a string.', 60 60 - $idx)); 61 61 - } 58 58 + $list[$idx] = $this->parseStringValue( 59 59 + $request, 60 60 + $key.'['.$idx.']', 61 61 + $item, 62 62 + $strict); 62 63 } 63 64 64 65 return $list;

+3 -3

src/applications/conduit/parametertype/ConduitPHIDListParameterType.php

reviewed

··· 3 3 final class ConduitPHIDListParameterType 4 4 extends ConduitListParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $list = parent::getParameterValue($request, $key); 8 8 - return $this->validateStringList($request, $key, $list); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $list = parent::getParameterValue($request, $key, $strict); 8 8 + return $this->parseStringList($request, $key, $list, $strict); 9 9 } 10 10 11 11 protected function getParameterTypeName() {

+2 -2

src/applications/conduit/parametertype/ConduitPHIDParameterType.php

reviewed

··· 3 3 final class ConduitPHIDParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 9 9 if (!is_string($value)) { 10 10 $this->raiseValidationException(

+50 -3

src/applications/conduit/parametertype/ConduitParameterType.php

reviewed

··· 30 30 } 31 31 32 32 33 33 - final public function getValue(array $request, $key) { 33 33 + final public function getValue(array $request, $key, $strict = true) { 34 34 if (!$this->getExists($request, $key)) { 35 35 return $this->getParameterDefault(); 36 36 } 37 37 38 38 - return $this->getParameterValue($request, $key); 38 38 + return $this->getParameterValue($request, $key, $strict); 39 39 } 40 40 41 41 final public function getKeys($key) { ··· 85 85 return array_key_exists($key, $request); 86 86 } 87 87 88 88 - protected function getParameterValue(array $request, $key) { 88 88 + protected function getParameterValue(array $request, $key, $strict) { 89 89 return $request[$key]; 90 90 } 91 91 92 92 protected function getParameterKeys($key) { 93 93 return array($key); 94 94 + } 95 95 + 96 96 + protected function parseStringValue(array $request, $key, $value, $strict) { 97 97 + if (!is_string($value)) { 98 98 + $this->raiseValidationException( 99 99 + $request, 100 100 + $key, 101 101 + pht('Expected string, got something else.')); 102 102 + } 103 103 + return $value; 104 104 + } 105 105 + 106 106 + protected function parseIntValue(array $request, $key, $value, $strict) { 107 107 + if (!$strict && is_string($value) && ctype_digit($value)) { 108 108 + $value = $value + 0; 109 109 + if (!is_int($value)) { 110 110 + $this->raiseValidationException( 111 111 + $request, 112 112 + $key, 113 113 + pht('Integer overflow.')); 114 114 + } 115 115 + } else if (!is_int($value)) { 116 116 + $this->raiseValidationException( 117 117 + $request, 118 118 + $key, 119 119 + pht('Expected integer, got something else.')); 120 120 + } 121 121 + return $value; 122 122 + } 123 123 + 124 124 + protected function parseBoolValue(array $request, $key, $value, $strict) { 125 125 + $bool_strings = array( 126 126 + '0' => false, 127 127 + '1' => true, 128 128 + 'false' => false, 129 129 + 'true' => true, 130 130 + ); 131 131 + 132 132 + if (!$strict && is_string($value) && isset($bool_strings[$value])) { 133 133 + $value = $bool_strings[$value]; 134 134 + } else if (!is_bool($value)) { 135 135 + $this->raiseValidationException( 136 136 + $request, 137 137 + $key, 138 138 + pht('Expected boolean (true or false), got something else.')); 139 139 + } 140 140 + return $value; 94 141 } 95 142 96 143 abstract protected function getParameterTypeName();

+2 -2

src/applications/conduit/parametertype/ConduitPointsParameterType.php

reviewed

··· 3 3 final class ConduitPointsParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 9 9 if (($value !== null) && !is_numeric($value)) { 10 10 $this->raiseValidationException(

+3 -3

src/applications/conduit/parametertype/ConduitProjectListParameterType.php

reviewed

··· 3 3 final class ConduitProjectListParameterType 4 4 extends ConduitListParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $list = parent::getParameterValue($request, $key); 8 8 - $list = $this->validateStringList($request, $key, $list); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $list = parent::getParameterValue($request, $key, $strict); 8 8 + $list = $this->parseStringList($request, $key, $list, $strict); 9 9 return id(new PhabricatorProjectPHIDResolver()) 10 10 ->setViewer($this->getViewer()) 11 11 ->resolvePHIDs($list);

+3 -3

src/applications/conduit/parametertype/ConduitStringListParameterType.php

reviewed

··· 3 3 final class ConduitStringListParameterType 4 4 extends ConduitListParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $list = parent::getParameterValue($request, $key); 8 8 - return $this->validateStringList($request, $key, $list); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $list = parent::getParameterValue($request, $key, $strict); 8 8 + return $this->parseStringList($request, $key, $list, $strict); 9 9 } 10 10 11 11 protected function getParameterTypeName() {

+3 -11

src/applications/conduit/parametertype/ConduitStringParameterType.php

reviewed

··· 3 3 final class ConduitStringParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 8 8 - 9 9 - if (!is_string($value)) { 10 10 - $this->raiseValidationException( 11 11 - $request, 12 12 - $key, 13 13 - pht('Expected string, got something else.')); 14 14 - } 15 15 - 16 16 - return $value; 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 + return $this->parseStringValue($request, $key, $value, $strict); 17 9 } 18 10 19 11 protected function getParameterTypeName() {

+3 -3

src/applications/conduit/parametertype/ConduitUserListParameterType.php

reviewed

··· 3 3 final class ConduitUserListParameterType 4 4 extends ConduitListParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $list = parent::getParameterValue($request, $key); 8 8 - $list = $this->validateStringList($request, $key, $list); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $list = parent::getParameterValue($request, $key, $strict); 8 8 + $list = $this->parseStringList($request, $key, $list, $strict); 9 9 return id(new PhabricatorUserPHIDResolver()) 10 10 ->setViewer($this->getViewer()) 11 11 ->resolvePHIDs($list);

+2 -2

src/applications/conduit/parametertype/ConduitUserParameterType.php

reviewed

··· 3 3 final class ConduitUserParameterType 4 4 extends ConduitParameterType { 5 5 6 6 - protected function getParameterValue(array $request, $key) { 7 7 - $value = parent::getParameterValue($request, $key); 6 6 + protected function getParameterValue(array $request, $key, $strict) { 7 7 + $value = parent::getParameterValue($request, $key, $strict); 8 8 9 9 if ($value === null) { 10 10 return null;

+7 -1

src/applications/conduit/protocol/ConduitAPIRequest.php

reviewed

··· 6 6 private $user; 7 7 private $isClusterRequest = false; 8 8 private $oauthToken; 9 9 + private $isStrictlyTyped = true; 9 10 10 10 - public function __construct(array $params) { 11 11 + public function __construct(array $params, $strictly_typed) { 11 12 $this->params = $params; 13 13 + $this->isStrictlyTyped = $strictly_typed; 12 14 } 13 15 14 16 public function getValue($key, $default = null) { ··· 66 68 67 69 public function getIsClusterRequest() { 68 70 return $this->isClusterRequest; 71 71 + } 72 72 + 73 73 + public function getIsStrictlyTyped() { 74 74 + return $this->isStrictlyTyped; 69 75 } 70 76 71 77 public function newContentSource() {

+3 -1

src/applications/search/engine/PhabricatorApplicationSearchEngine.php

reviewed

··· 1115 1115 continue; 1116 1116 } 1117 1117 1118 1118 - $value = $field->readValueFromConduitRequest($constraints); 1118 1118 + $value = $field->readValueFromConduitRequest( 1119 1119 + $constraints, 1120 1120 + $request->getIsStrictlyTyped()); 1119 1121 $saved_query->setParameter($field->getKey(), $value); 1120 1122 } 1121 1123

+6 -2

src/applications/search/field/PhabricatorSearchField.php

reviewed

··· 323 323 $this->getConduitKey()); 324 324 } 325 325 326 326 - public function readValueFromConduitRequest(array $constraints) { 326 326 + public function readValueFromConduitRequest( 327 327 + array $constraints, 328 328 + $strict = true) { 329 329 + 327 330 return $this->getConduitParameterType()->getValue( 328 331 $constraints, 329 329 - $this->getConduitKey()); 332 332 + $this->getConduitKey(), 333 333 + $strict); 330 334 } 331 335 332 336 public function getValidConstraintKeys() {

+4 -1

src/applications/transactions/editengine/PhabricatorEditEngine.php

reviewed

··· 1903 1903 $parameter_type->setViewer($viewer); 1904 1904 1905 1905 try { 1906 1906 - $xaction['value'] = $parameter_type->getValue($xaction, 'value'); 1906 1906 + $xaction['value'] = $parameter_type->getValue( 1907 1907 + $xaction, 1908 1908 + 'value', 1909 1909 + $request->getIsStrictlyTyped()); 1907 1910 } catch (Exception $ex) { 1908 1911 throw new PhutilProxyException( 1909 1912 pht(