If an RPC call is made that happens to have an e-mail address or similar in the last path position (eg. www.example.com/rpc/resource/peter@example.com), the REST server module getResponseFormatter()
function mistakenly tries to interpret it as a request for the .com
format. In cases where a corresponding format cannot be found, the call should proceed further instead of giving an error message.
Actually, to bring it a bit further, specifying the format at the end like this is a very questionable solution, especially with a possible format like .php
attached to the end of the URL. This is not something a correctly set up web server should let through. So, the best solution would be to make this suffix format specification optional, something to be enabled specifically.
Comment | File | Size | Author |
---|---|---|---|
#9 | interdiff-2808923-7-9.txt | 2.48 KB | colan |
#9 | services-rest_server_blocks_dot_paths-2808923-9.patch | 7.67 KB | colan |
#7 | services-rest_server_blocks_dot_paths-2808923-7.patch | 5 KB | colan |
Comments
Comment #2
djg_tram CreditAttribution: djg_tram as a volunteer commentedComment #3
djg_tram CreditAttribution: djg_tram as a volunteer commentedComment #4
tyler.frankenstein CreditAttribution: tyler.frankenstein commentedI'd recommend URL encoding the e-mail address.
Comment #5
kylebrowning CreditAttribution: kylebrowning as a volunteer and at Acquia commentedComment #6
colanI'd argue that this is a actually a bug report, not a feature request, but I'll leave as-is given the maintainer's decision.
In any case, I tried the URL-encoded version of ".", "%2E", but that didn't work either.
@kylebrowning @tyler.frankenstein: Any tips on where this should be done in the code, or any other advice? I'll see if I can throw a patch together as this is hampering my progress in #2796625: Allow remote variable setting via Aegir Services.
Comment #7
colanThis should do it.
Comment #8
kylebrowning CreditAttribution: kylebrowning as a volunteer and at Acquia commentedNeeds tests. And then we can review.
Comment #9
colanTest added; see interdiff.
I also had to modify an existing test that checks for a missing formatter with a resource instance that has an invalid extension. We actually support "invalid" extensions now as these aren't necessarily data formats. The test now checks for the default formatter (JSON) if an unsupported extension was provided.