Problem/Motivation
It's currently pretty easy to break a request to acquire a lock with a long name when using the DatabaseLockBackend class. The database column has a max length of 255 but nothing at the application level enforces this. The database cache backend guards against this, the lock should too.
Proposed resolution
Do the same as the DatabaseBackend cache class, use a normalizeCid() method in the Lock backend itself so calls with a longer cid cannot break it.
Remaining tasks
Decide if we should:
- Move the normalizeCid() functionality into a trait or something, so we can reuse it between cache backend and lock backend. Something in the database namespace could be useful.
User interface changes
N/A
API changes
N/A
Data model changes
N/A
Comment | File | Size | Author |
---|---|---|---|
#10 | interdiff-2872276-10.txt | 1.78 KB | damiankloip |
#10 | 2872276-10.patch | 3.72 KB | damiankloip |
#2 | 2872276-tests-only-FAIL.patch | 1.38 KB | damiankloip |
#2 | 2872276.patch | 3.71 KB | damiankloip |
Comments
Comment #2
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedEDIT: Yes - should have put the patch files the other way round.
Comment #4
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedComment #5
dawehnerIMHO sharing code is not a requirement here. Sharing code between arbitrary subsystems can lead to more harm than good on the longrun. Maybe its enough to have a
@see
there and call it a day.Comment #6
dawehnerLier, this is not a cache id :)
It is quite cool that we can use mb_ without worrying about it.
Comment #7
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedYeah, that's a good point. I am fine with not coupling the two systems together with a shared method somewhere.
The mb_ usage is the same in the database backend. Do we require that PHP is compiled with mbstring or the extension is installed?
Comment #8
dawehnerOh we have a wrapper in place in case its not actually available. This is some symfony package.
Comment #9
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedsweet deal. To be fair, I also prefixed it with 'decide if we should' :P
Comment #10
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedSo that means we are done here?
Comment #11
damiankloip CreditAttribution: damiankloip at Pfizer, Inc. commentedComment #12
dawehnerI think personally we are good here. We discussed that sharing this code with the caching backend doesn't make much sense.
Comment #14
catchCommitted/pushed to 8.4.x, thanks!
Comment #16
hussainwebHuge nitpick: I'm just noting there's a typo here. It's definitely not worth reverting but if someone can just fix it in a commit against this issue, it is good enough.