Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Menu callbacks and form builder functions should use proper arguments rather than inspecting arg(). This allows modules to reuse and move these functions e.g. using hook_menu_alter().
Comment | File | Size | Author |
---|---|---|---|
#81 | 788900-psr4-reroll-stop-eating-comments.patch | 12.73 KB | xjm |
788900-psr4-reroll.patch | 12.73 KB | xjm | |
#73 | interdiff.txt | 1.41 KB | effulgentsia |
#73 | drupal-arg-788900-73.patch | 13.19 KB | effulgentsia |
#72 | drupal-arg-788900-71.patch | 12.07 KB | effulgentsia |
Comments
Comment #1
casey CreditAttribution: casey commentedI don't think this is minor.
Could you add @param's to the doc?
Not sure about this, but shouldn't these arguments be added to the items' paths hook_menu implementations?
Comment #2
c960657 CreditAttribution: c960657 commentedI added documentation of the new arguments.
I'm not sure what you mean. In most places the arguments are optional. Could you give an example?
Comment #3
casey CreditAttribution: casey commentedI wanted to ask why you removed the second argument from "return drupal_get_form('comment_admin_overview', $type, arg(4));" in comment_admin(), but in between the code was updated. So you need to do a reroll anyway.
You cant access "approval" this way. You should keep $type = 'new' in comment_admin(). The @param doc for comment_admin() is nice though.
@param doc
You only need to provide @param doc for $op and $arg really. That's how its done elsewhere.
Also you are removing code here (if (is_numeric($arg)) {) that isn't put back. I am not sure about the drupal_exit(); either.
Comment #4
marcingy CreditAttribution: marcingy commentedBumping to d8.
Comment #5
Crell CreditAttribution: Crell commentedRetitling. arg() is one of the global violator functions that we need to never rely on. Perhaps this should become a meta for killing it entirely?
As I write this there are ~50 instances of arg() left. We should kill them off mostly as part of #1971384: [META] Convert page callbacks to controllers. Let's kill the rest here.
Comment #6
ParisLiakos CreditAttribution: ParisLiakos commentedi was promised stuff
Comment #7
ParisLiakos CreditAttribution: ParisLiakos commentedwe probably want to do something in ArgumentDefaultPluginBase
storing arguments to a property? since most plugins need them
i am tagging for VDC team to get opinions
Comment #8
ParisLiakos CreditAttribution: ParisLiakos commentedit helps if i actually add the tag:P
Comment #10
ParisLiakos CreditAttribution: ParisLiakos commentedand without fatals:)
Comment #12
ParisLiakos CreditAttribution: ParisLiakos commentedComment #14
ParisLiakos CreditAttribution: ParisLiakos commentedsorry for that, i was sure i checked all the files :/
Comment #15
aspilicious CreditAttribution: aspilicious commentedI think we can inject the request plugin now in plugins? Right?
o_O Can't we create a helper class to replace arg() ??? This is hard to write/read...
Isn't there a Path class in core?
Comment #17
ParisLiakos CreditAttribution: ParisLiakos commentedYes, but i was thinking whether we should actually inject the Request and store the args in a property in ArgumentDefaultPluginBase since their use is very common in default_arguments plugin...does it make sense? thats why i tagged this for vdc team on #8
I dont think this is suitable for the path class, since we would need to make it request aware (right now it just does crud)..unless you mean having a general function in Path to explode any path into pieces?
i hope i fixed all tests
Comment #19
ParisLiakos CreditAttribution: ParisLiakos commented#17: drupal-remove_arg-788900-17.patch queued for re-testing.
Comment #20
Crell CreditAttribution: Crell commentedaspilicious: Yes, it should be hard to write code to grab individual path parts. That helps discourage people from doing so, since you shouldn't be doing so. :-)
Comment #21
dawehnerit might even make sense to have it stored on the full views object, as it is used in various different places (like the table style plugin etc.) but otherwise I like the idea to use it just for default argument plugins and probably argument validation plugins.
Comment #22
dawehnerOh btw. I couldn't really find something to review, so it feels kind of RTBC.
Comment #23
ParisLiakos CreditAttribution: ParisLiakos commentedit needs a reroll of course..i should also do this for views, thanks for feedback dawehner!
Comment #24
Crell CreditAttribution: Crell commented#17: drupal-remove_arg-788900-17.patch queued for re-testing.
Comment #26
Crell CreditAttribution: Crell commentedAttempting a reroll.
Comment #28
dawehnerRerolled the patch. There have been a couple of places in the docs which still referred to the arg() function,
so this is killed now as well.
Comment #29
Crell CreditAttribution: Crell commentedThanks, Daniel! Quick, before this breaks again. :)
Comment #30
tim.plunkettI didn't read the whole issue, but are we sure we're okay with doing this?
When doing these strpos checks, I think we should suffix with /.
For example,
strpos($path, 'admin/')
will prevent it from matching "administrator/something".Comment #31
dawehnerLet's inject the request and let's rerole the other changes.
Comment #32
tim.plunkettI meant the slashes on the other side, like admin/reports/
But maybe both are needed, /admin/reports/
Comment #33
ParisLiakos CreditAttribution: ParisLiakos commentedi believe the system_path attribute does not have a slash prefix..so this will always fail
Comment #34
Crell CreditAttribution: Crell commentedsystem_path doesn't have a leading / for BC reasons. At some point we need to decide what to do about that... but yeah, this isn't the place to change it.
Comment #36
dawehnerWhile being sleepy at least another critical was filed: #2028145: Raw default argument still calls drupal_get_path_alias()
Let's did what tim had original in mind.
Comment #38
dawehnerLet's make the change in Raw() as simple as possible and fix the feed.
Comment #39
ParisLiakos CreditAttribution: ParisLiakos commentedagreed. opened #2028505: Provide the request object for ArgumentDefaultPluginBase::getArgument() as argument to fix views plugins
Comment #40
ParisLiakos CreditAttribution: ParisLiakos commented.
Comment #41
alexpottNeeds a reroll...
Comment #42
Damien Tournoud CreditAttribution: Damien Tournoud commentedI am sorry, but why?
Given that we do have
\Drupal::request()
, what is the value of replacing all:With:
The answer is: there is no value, you are doing it backwards.
Comment #43
catchYeah I don't really get the patch as it is at the moment either.
arg() could be refactored to use Drupal::request(), then it's just a thin wrapper, that refactoring hasn't happened yet. See _drupal_environment_initialize() for the @todo.
There's lots of places that you need to know if you're on an 'admin' page or similar in core, and we don't have another mechanism for knowing that at the moment, so just requiring people to use the longwinded method to get that information isn't improving things - it means it's going to be harder to find those places and convert them to get proper contextual information later.
Comment #44
Crell CreditAttribution: Crell commentedSure, one could implement arg() as a dumb wrapper around the request object in order to support the old model.
The point is that the old model that relies on global state is fundamentally broken and we're moving away from it. Relying on global request data is an effectively deprecated concept. Having a super-easy way to build logic on global state encourages people to do so. It's called "affordance" in usability. People will do what's easy, so make what's "right" easy and what's "wrong" hard. (Classic example: 110v and 220v electrical outlets are physically incompatible so that you don't plus a 110v device into a 220v outlet and start a fire.)
We cannot completely prevent someone from getting at global state, but we should by no means be encouraging it. If you want to get the path... get it from an injected request object. If your logic in some random location is dependent on arg() right now... find some other way to do it. What's that other way? Honestly I don't know. It depends on what that case is. We cannot figure out all possible alternates for each situation because we don't know every where that someone is using arg(). We can only design the affordances to say "don't do this anymore; this is the Wrong Way To Do It(tm)".
Comment #45
catchIf your logic in some random location is dependent on arg() right now... find some other way to do it. What's that other way? Honestly I don't know. It depends on what that case is."
The patch makes no attempt to answer this question for core though, so I'd fully expect contrib modules to follow the same incredibly ugly examples. This isn't about accounting for every possible case, the ones in the patch would be enough.
So lets take arg(0) == 'admin'. We have an api for that already apparently, its drupal_match_path() with the second argument being path_get_admin_paths(). Bit crappy but it does exist despite none of these arg() cases having been converted to it when it was introduced. Since hook_admin_paths() determines what's an admin page, not just admin/ all the places in the patch are doing it wrong, both with and without arg().
Comment #46
catchAnd there's helper for that as well, path_is_admin().
Comment #47
Crell CreditAttribution: Crell commentedSo would updating path_is_admin() and switching the relevant use cases here over to that be acceptable to move this patch forward? (I don't think path_is_admin() is a good approach either, but it's better than directly accessing arg().)
Comment #48
catchI picked arg(0) == 'admin' as the easiest example, there might very well be better API functions for some of the other changes as well.
path_is_admin() isn't a great approach, agreed, but it's the API that we currently have. Switching from one non-API to another non-API skipping over the API that was actually added to encapsulate that logic is not improving anything.
Comment #49
Damien Tournoud CreditAttribution: Damien Tournoud commentedI'm not quite sure where you get this from. Every framework that I know of has a concept of "request-local" data that is accessible from everywhere (stored as thread-local data or as greenlet-local data depending on the execution model). This is true for at least Ruby on Rails, Bottle, Flask, Pyramid.
There is nothing "wrong" conceptually about that. Passing the request object all the way down the chain is just an immense hassle for very little gain, because there is only ever one active request at a time in a given context.
Comment #50
Damien Tournoud CreditAttribution: Damien Tournoud commentedLarry stated in an other issue: "Path-sensitive code is a code smell". I do totally agree with that. But the current patch is not a step in this direction: it doesn't make sense to the procedural wrappers until we got rid of the path-sensitive code.
Comment #51
jibran#38: drupal-788900-38.patch queued for re-testing.
Comment #53
jibranSo is it a won't fix?
Comment #54
damiankloip CreditAttribution: damiankloip commentedI would say postponed?
Comment #55
catchYeah it's postponed - it's OK to remove arg(), but replacing it with one-off hacks that do exactly the same thing isn't. #244090: Tie help into menu router is trying to replace path checks with route checks, which is a step in the right direction.
Comment #56
sunComment #57
InternetDevels CreditAttribution: InternetDevels commentedReroll attached.
Comment #59
ParisLiakos CreditAttribution: ParisLiakos commentedJust 10 usages left..and from them aggregator's 2 are checks which are dead..the path will never be admin, because i removed the duplicate edit/delete route
Comment #61
ParisLiakos CreditAttribution: ParisLiakos commentedw/e
Comment #62
dawehnerMade some more cleanups.
Comment #64
ParisLiakos CreditAttribution: ParisLiakos commentedi very much like the dblog cleanup, nice! the key has changed to
library
thoughComment #66
ParisLiakos CreditAttribution: ParisLiakos commentedNo clue how this was passing
Comment #67
catchNeeds to be deprecated before it's removed.
This should use current_path() for now, to avoid relying on the request attribute. See #2239009: Remove public direct usage of the '_system_path' request attribute.
Is this functional change OK? We have the route admin context available now.
Comment #68
ParisLiakos CreditAttribution: ParisLiakos commentedthanks for the review!
fixed 1 and 2.
About 3: This is dead code that i forgot to remove in #2152673: Remove duplicate edit route from aggregator and make delete/add consistent with rest of core
where i removed the admin routes that add/edit feeds. That means that
arg(0) == 'admin'
will always evaluate to false there.Comment #70
ParisLiakos CreditAttribution: ParisLiakos commented68: drupal-arg-788900-68.patch queued for re-testing.
Comment #71
ParisLiakos CreditAttribution: ParisLiakos commentedComment #72
effulgentsia CreditAttribution: effulgentsia commentedStraight reroll.
Comment #73
effulgentsia CreditAttribution: effulgentsia commentedPatch looks great and removes all usages of arg() as advertised. Response in #68 is correct. Just fixing 2 docs issues:
- suggestions are not generated in preprocess functions anymore, so removed the legacy doc
- there was an arg() reference in a code comment for the Views Raw plugin, so tried to improve that doc
Otherwise, if this passes bot, I think it's RTBC.
Comment #74
sunWould be good to use a strict comparison here (TRUE).
For a very limited set of comparison values, it would be even better to compare each value separately, so as to avoid the cost of
array()
+in_array()
.In this particular case, we could even optimize further:
Comment #75
Crell CreditAttribution: Crell commentedsun: That's an obscene level of micro-optimization. The existing code is far more readable than a long line of separate booleans. I don't know what cost of array() + in_array() you're talking about, but if it even exists go eliminate an SQL query and I promise you'll make up for it 100 fold. :-)
Comment #76
ParisLiakos CreditAttribution: ParisLiakos commentedthanks for the doc fixes @effulgentsia
this is good to go now, just needs the RTBC flag
Comment #77
effulgentsia CreditAttribution: effulgentsia commentedI'll take #76 as approval of #73's interdiff, so RTBC. I agree with #75 that #74 is not worth it: login block access is checked once per request: this isn't where those kinds of micro-optimizations are worthwhile.
Comment #78
alexpottI'm not sure that the change notice is very helpful - https://drupal.org/node/2274705. I'm sure we'd want to discourage people from doing
to often - right? I don't think we're deprecating arg() in favour of this approach.
Comment #79
ParisLiakos CreditAttribution: ParisLiakos commentedyeah, i started it yesterday and left it as placeholder - its definitely not finished, but i will finish it later today
Comment #80
ParisLiakos CreditAttribution: ParisLiakos commentedi added more examples and a final note https://drupal.org/node/2274705
Comment #81
xjmd.o ate my comment... reuploading.
Comment #82
catchOK there's still ugliness here (current_path() explosion and route location) - but we have a critical issue for getting the current route and it's much, much better than a year ago when it should never have been initially RTBCed...
The current path explosion I'm not convinced we even need those theme/template suggestions so opened #2275487: Remove current path parts from theme suggestions, maybe we can just ditch that.
Committed/pushed to 8.x, thanks!
Comment #85
hass CreditAttribution: hass commenteda