[HttpFoundation] Add method getString to ParameterBag
#44787
Conversation
|
Please rebase to 6.1. 5.4 is closed for features. |
done |
src/Symfony/Component/HttpFoundation/Tests/ParameterBagTest.php
Outdated
Show resolved
Hide resolved
yes thanks, that's why I created this PR! |
|
i'd prefer casting in user-land |
getString to ParameterBaggetString to ParameterBag
|
This will trigger a PHP warning (notice in 7.4) and return "Array" string if parameter is an array. I understand developers should use this method only on validated requests, right? Otherwise an application will process this string as valid even though a user sent invalid data. However this class has other shortcut methods which do not concern this case (e.g. |
The |
Actually we will. This is the case when sending a field multiple times, like |
oh, yes |
|
we could deprecate getInt() still :} maybe put the methods on InputBag, where it's defacto safe to cast. |
Nice suggestion, I added changes, please see my solution. |
| { | ||
| $output = $this->get($key, $default); | ||
|
|
||
| return \is_array($output) ? $default : (string) $output; |
There was a problem hiding this comment.
Looks like there's been some discussion around this already so apologies if this has been covered and I missed it.
Personally I'd find the behaviour of returning the default if the value is an array surprising. While it could be argued any usage should be covered by an applications tests, I'd prefer to see exceptions on any conditions not specified by the caller.
This would also apply to defaulting the value to 0 in convertInt, and '' here, there doesn't seem to be a way to fail when an expected parameter is missing.
|
I think ParameterBag's helper methods like PS. changing method names to "convert" prefix would be a little bit helpful but imo very dangerous because the consequences might be missed very easily. If you go this way I would add a warning in the doc blocks that this methods are not only for changing types but also might change the value. |
|
@fabpot WDYT? |
6e8a347 to
74586f3
Compare
|
I just squashed+rebased the PR to target 6.2, please fetch and If we go this way, I think we need to address the previous comments. Eg when an array is encountered, we should behave as InputBag does (aka throw). About the name of the new methods, what about |
I would not invent a new name. |
|
What's the status of this PR @nicolas-grekas ? |
|
We have open questions on the new method names and error handling. InputBag throws BadRequestException in case of invalid data, while ParameterBag relies on TypeError. Proposition:
|
|
My take on this entire thing is that we should validate rather than convert any of the inputs. If I use // let's pretend that var is "2"
$request->query->getString('var', "5"); // returns "2"
$request->query->getInt('var', 5); // returns 2
// now let's pretend that var is "two"
$request->query->getString('var', "5"); // returns "two"
$request->query->getInt('var', 5); // returns 5 because "two" doesn't pass a ctype_digit() checkand so on for the other methods, validate and return the expected type if it matches, otherwise return the default value. Additional getters could be considered, like I'm open to working on this as I feel it's one of the biggest confusing, and, in the case of |
|
I think you mean #48525 |
…eprecate accepting invalid values (GromNaN) This PR was merged into the 6.3 branch. Discussion ---------- [HttpFoundation] Add `ParameterBag::getString()` and deprecate accepting invalid values | Q | A | ------------- | --- | Branch? | 6.3 | Bug fix? | no | New feature? | yes | Deprecations? | yes | Tickets | Fix #44787 #48219 | License | MIT | Doc PR | symfony/symfony-docs#... There were a lot of discussions on #44787 regarding the implementation. The main debate is to determine the right behavior when the value is invalid: try to convert the value, throw an exception, return the default value or the falsy? I added plenty of test cases for the methods `getAlpha`, `getAlnum`, `getDigits`, `getInt`, ~`getInteger`~, `getString` so that we can discuss the expected result for each input value. My goals: - Provide safe methods to get values in the expected type. Example: The parameters being generally of type `string`, the `getString` method is useful to be sure we don't get an array. - Reduce deprecations on methods that exist since Symfony 2.0, in one of the most popular Symfony component. How are these getter methods used? - Most of the time, parameter values are `string` (from routing, query string, request payload). `get` is used but does not validate the return type. - `getInt` is used for [pagination (UX Autocomplete)](https://github.com/symfony/ux-autocomplete/blob/697f1cb4914480b811d978efe031a6f4a0dc3814/src/Controller/EntityAutocompleteController.php#L41) or [getting an index (EasyAdmin)](https://github.com/EasyCorp/EasyAdminBundle/blob/f210bd1e494b699dec54d2ef29302db1211267b5/src/Context/AdminContext.php#L157-L158) - I think there was an unidentified breaking change when we introduced return types [#42507](https://github.com/symfony/symfony/pull/42507/files#diff-04f3b8ea71029f48853b804129631aeb9bf3dad7a7a398feb9568bf5397d0e69L117). Methods `getAlpha`, `getAlnum` and `getDigits` could return an array, but their return type have been modified to `string`, resulting in a `TypeError`. [example of use](https://github.com/asaaa1997/Licencjat/blob/8c10abaf87120c904557977ae14284c7d443c9a7/src/Controller/QuizController.php#L164) Commits ------- 172f0a7 [HttpFoundation] Add `ParameterBag::getString()` and deprecate accepting invalid values
Added method
getStringtoParameterBagfor use strict type. We really need this method to make it easier to work with strong typing, because thegetmethod returns several data types, and we need a specific one.