Magento2: REST WEBAPI malforms parameters in v2.2.4 when decoding

Created on 19 Jun 2018  路  6Comments  路  Source: magento/magento2

Background

We recently updated our system from 2.1.9 to 2.2.4.
A following critical error was introduced, using the built in REST API's as described here: https://devdocs.magento.com/guides/v2.2/rest/performing-searches.html

Preconditions

  1. Magento 2.2.4
  2. PHP 7.0

Steps to reproduce

  1. Query products from /rest/V1/products?searchCriteria[filter_groups][0][filters][0][field]=name&searchCriteria[filter_groups][0][filters][0][value]=%25car%25&searchCriteria[filter_groups][0][filters][0][condition_type]=like
    ( Note the %25car%25 in the query.)

Expected result

  1. Response should filter the string "%car%" in product name search criteria
  2. I.e <value>%car%</value>

Actual result

  1. Instead the string "什%" will end up being used as input.
  2. I.e <value>什%</value>

Analysis

It seems that when the UrlDecoder::decodeParams is called in Magento\Webapi\Controller\Rest\InputParamsResolver::106, the string is actually already been decoded, so the decoder will end up with rawurldecode('%car%') witch will return an unexpected result;

FrameworWebapi Fixed in 2.3.x Clear Description Confirmed Format is valid Ready for Work Reproduced on 2.2.x help wanted
Source
picture reviskar

Most helpful comment

Hi @reviskar The issue was re-tested and we can confirm that it was fixed on the 2.3 release branch. We closing this issue as fixed due to upcoming 2.3 release that will be available soon.

picture ghost on 20 Nov 2018
👍2

All 6 comments

Hello @reviskar, thank you for your report.
We've acknowledged the issue and added to our backlog.

engcom-backlog-nickolas picture engcom-backlog-nickolas on 17 Jul 2018

Hi @engcom-backlog-nazar. Thank you for working on this issue.
Looks like this issue is already verified and confirmed. But if your want to validate it one more time, please, go though the following instruction:

  • [ ] 1. Add/Edit Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

  • [ ] 2. Verify that the issue is reproducible on 2.3-develop branch

    Details- Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
    - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
    - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and _stop verification process here_!

  • [ ] 3. Verify that the issue is reproducible on 2.2-develop branch.

    Details- Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
    - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

  • [ ] 4. If the issue is not relevant or is not reproducible any more, feel free to close it.

magento-engcom-team picture magento-engcom-team on 20 Nov 2018

Hi @reviskar The issue was re-tested and we can confirm that it was fixed on the 2.3 release branch. We closing this issue as fixed due to upcoming 2.3 release that will be available soon.

ghost picture ghost on 20 Nov 2018
👍2

@engcom-backlog-nazar backport?

centerax picture centerax on 23 Nov 2018

@engcom-backlog-nazar

The issue was re-tested and we can confirm that it was fixed on the 2.3 release branch

any URL to commit?

yaroslav-zenin picture yaroslav-zenin on 13 Dec 2018

Found that issue was caused by commit https://github.com/magento/magento2/commit/377668493512c25d6ba94c2fdff1a9f6a35e3530#diff-25b137703a62acb5686fb2e5ab17ec5a

yaroslav-zenin picture yaroslav-zenin on 13 Dec 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jzalenski picture jzalenski  路  3Comments
punkstar picture punkstar  路  3Comments
gg24 picture gg24  路  3Comments
kirashet666 picture kirashet666  路  3Comments
algostore picture algostore  路  3Comments