[!!!][TASK] Remove POST option from typolink.addQueryString.method 95/61295/12
authorOliver Hader <oliver@typo3.org>
Mon, 15 Jul 2019 09:13:17 +0000 (11:13 +0200)
committerAndreas Fernandez <a.fernandez@scripting-base.de>
Sun, 21 Jul 2019 08:14:40 +0000 (10:14 +0200)
Setting `addQueryString.method` of typolink could be used like shown
below in order to transform HTTP POST parameters into according GET
parameters.

    typolink {
        parameter = 123
        addQueryString = 1
        addQueryString.method = POST
    }

In terms of correctly using HTTP verbs it's bad practise in general
to treat GET and POST equally, besides that documentation already
mentioned potential side-effects like accidentally exposing sensitive
data submitted via POST to proxies or log files.

That's why values POST, GET,POST and POST,GET are not allowed anymore
for `typolink.addQueryString.method`. Maintaining functionality - if
required at all - has to be done using domain specific logic in
according controllers or middleware implementations.

Resolves: #88755
Releases: master
Change-Id: I6ecfdd2ee98251b64093c1a13f9371beea862ddd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295
Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
typo3/sysext/core/Documentation/Changelog/master/Breaking-88755-RemovePOSTOptionFromTypolinkaddQueryStringmethod.rst [new file with mode: 0644]
typo3/sysext/extbase/Classes/Mvc/Web/Routing/UriBuilder.php
typo3/sysext/extbase/Tests/Unit/Mvc/Web/Routing/UriBuilderTest.php
typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
typo3/sysext/fluid/Tests/Functional/ViewHelpers/TypolinkViewHelperTest.php
typo3/sysext/fluid/Tests/Unit/ViewHelpers/Link/TypolinkViewHelperTest.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Tests/Unit/ContentObject/ContentObjectRendererTest.php
typo3/sysext/t3editor/Resources/Private/tsref.xml

diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-88755-RemovePOSTOptionFromTypolinkaddQueryStringmethod.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-88755-RemovePOSTOptionFromTypolinkaddQueryStringmethod.rst
new file mode 100644 (file)
index 0000000..a68b7ad
--- /dev/null
@@ -0,0 +1,71 @@
+.. include:: ../../Includes.txt
+
+=========================================================================
+Breaking: #88755 - Remove POST option from typolink.addQueryString.method
+=========================================================================
+
+See :issue:`88755`
+
+Description
+===========
+
+Setting :typoscript:`addQueryString.method` of typolink could be used like shown below in order to transform
+HTTP POST parameters into according GET parameters.
+
+.. code-block:: typoscript
+
+   typolink {
+     parameter = 123
+     addQueryString = 1
+     addQueryString.method = POST
+   }
+
+In terms of correctly using HTTP verbs it's bad practise in general to treat GET and POST equally, besides that
+documentation already mentioned potential side-effects like accidentally exposing sensitive data submitted via
+POST to proxies or log files.
+
+That's why values :typoscript:`POST`, :typoscript:`GET,POST` and :typoscript:`POST,GET` are not allowed anymore
+for :typoscript:`typolink.addQueryString.method`. Maintaining functionality - if required at all - has to be done
+using domain specific logic in according controllers or middleware implementations.
+
+
+Impact
+======
+
+* using :typoscript:`GET,POST`, :typoscript:`POST,GET` or :typoscript:`POST` will trigger an :php:`E_USER_WARNING`
+* using :typoscript:`GET,POST` or :typoscript:`POST,GET` will fall back to :typoscript:`GET`
+* using :typoscript:`POST` will be ignored and an empty result
+
+In a consequence only query parameters submitted via HTTP GET are taken into account, parameters of HTTP POST
+body are ignored.
+
+
+Affected Installations
+======================
+
+* TypoScript defining :typoscript:`typolink.addQueryString.method` with values mentioned in previous section
+* invocations of :php:`TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder::setAddQueryStringMethod()` with values
+  mentioned in previous section
+* as an effect Fluid view helpers forwarding this information to
+  :php:`TYPO3\CMS\Extbase\Mvc\Web\Routing\UriBuilder::setAddQueryStringMethod()` are affected -
+  argument :php:`addQueryStringMethod` is affected in view helper of TYPO3 core like shown below
+  + :html:`<f:form ... addQueryStringMethod="POST">`
+  + :html:`<f:link.action addQueryStringMethod="POST">`
+  + :html:`<f:link.page ... addQueryStringMethod="POST">`
+  + :html:`<f:link.typolink addQueryStringMethod="POST">`
+  + :html:`<f:uri.action ... addQueryStringMethod="POST">`
+  + :html:`<f:uri.page ... addQueryStringMethod="POST">`
+  + :html:`<f:uri.typolink addQueryStringMethod="POST">`
+  + :html:`<f:widget.uri ... addQueryStringMethod="POST">`
+  + :html:`<f:widget.link addQueryStringMethod="POST">`
+  + :html:`<f:widget.paginate ... configuration="{addQueryStringMethod: 'POST'}">`
+
+
+Migration
+=========
+
+* change to mentioned assignments in TypoScript, Fluid templates or PHP code to :typoscript:`GET`
+* analyse and try to understand whether :typoscript:`POST` is still required or could be substituted
+
+
+.. index:: Backend, Fluid, Frontend, PHP-API, TypoScript, NotScanned
index a324bdf..d68837b 100644 (file)
@@ -317,13 +317,13 @@ class UriBuilder
 
     /**
      * Sets the method to get the addQueryString parameters. Defaults to an empty string
-     * which results in calling GeneralUtility::getIndpEnv('QUERY_STRING').
+     * which results in using GeneralUtility::_GET(). Possible values are
      *
-     * Possible values are:
-     * - GET
-     * - POST
-     * - GET,POST
-     * - POST,GET
+     * + ''      -> uses GeneralUtility::_GET()
+     * + '0'     -> uses GeneralUtility::_GET()
+     * + 'GET'   -> uses GeneralUtility::_GET()
+     * + '<any>' -> uses parse_str(GeneralUtility::getIndpEnv('QUERY_STRING'))
+     *              (<any> refers to literally everything else than previously mentioned values)
      *
      * @param string $addQueryStringMethod
      * @return static the current UriBuilder to allow method chaining
@@ -331,6 +331,13 @@ class UriBuilder
      */
     public function setAddQueryStringMethod(string $addQueryStringMethod): UriBuilder
     {
+        if ($addQueryStringMethod === 'POST') {
+            trigger_error('Assigning addQueryStringMethod = POST is not supported anymore since TYPO3 v10.0', E_USER_WARNING);
+            $addQueryStringMethod = null;
+        } elseif ($addQueryStringMethod === 'GET,POST' || $addQueryStringMethod === 'POST,GET') {
+            trigger_error('Assigning addQueryStringMethod = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET', E_USER_WARNING);
+            $addQueryStringMethod = 'GET';
+        }
         $this->addQueryStringMethod = $addQueryStringMethod;
         return $this;
     }
@@ -650,26 +657,11 @@ class UriBuilder
     {
         $arguments = [];
         if ($this->addQueryString === true) {
-            if ($this->addQueryStringMethod) {
-                switch ($this->addQueryStringMethod) {
-                    case 'GET':
-                        $arguments = GeneralUtility::_GET();
-                        break;
-                    case 'POST':
-                        $arguments = GeneralUtility::_POST();
-                        break;
-                    case 'GET,POST':
-                        $arguments = array_replace_recursive(GeneralUtility::_GET(), GeneralUtility::_POST());
-                        break;
-                    case 'POST,GET':
-                        $arguments = array_replace_recursive(GeneralUtility::_POST(), GeneralUtility::_GET());
-                        break;
-                    default:
-                        // Explode GET vars recursively
-                        parse_str(GeneralUtility::getIndpEnv('QUERY_STRING'), $arguments);
-                }
-            } else {
+            if ($this->addQueryStringMethod === '' || $this->addQueryStringMethod === '0' || $this->addQueryStringMethod === 'GET') {
                 $arguments = GeneralUtility::_GET();
+            } else {
+                // Explode GET vars recursively
+                parse_str(GeneralUtility::getIndpEnv('QUERY_STRING'), $arguments);
             }
             foreach ($this->argumentsToBeExcludedFromQueryString as $argumentToBeExcluded) {
                 $argumentArrayToBeExcluded = [];
index fbc34ce..14e614d 100644 (file)
@@ -14,6 +14,8 @@ namespace TYPO3\CMS\Extbase\Tests\Unit\Mvc\Web\Routing;
  *
  * The TYPO3 project - inspiring people to share!
  */
+
+use PHPUnit\Framework\Error\Warning;
 use TYPO3\CMS\Backend\Routing\Route;
 use TYPO3\CMS\Backend\Routing\Router;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
@@ -105,7 +107,7 @@ class UriBuilderTest extends UnitTestCase
             ->setAbsoluteUriScheme('https')
             ->setAddQueryString(true)
             ->setArgumentsToBeExcludedFromQueryString(['test' => 'addQueryStringExcludeArguments'])
-            ->setAddQueryStringMethod('GET,POST')
+            ->setAddQueryStringMethod('GET')
             ->setArgumentPrefix('testArgumentPrefix')
             ->setLinkAccessRestrictedPages(true)
             ->setTargetPageUid(123)
@@ -118,7 +120,7 @@ class UriBuilderTest extends UnitTestCase
         $this->assertEquals('https', $this->uriBuilder->getAbsoluteUriScheme());
         $this->assertEquals(true, $this->uriBuilder->getAddQueryString());
         $this->assertEquals(['test' => 'addQueryStringExcludeArguments'], $this->uriBuilder->getArgumentsToBeExcludedFromQueryString());
-        $this->assertEquals('GET,POST', $this->uriBuilder->getAddQueryStringMethod());
+        $this->assertEquals('GET', $this->uriBuilder->getAddQueryStringMethod());
         $this->assertEquals('testArgumentPrefix', $this->uriBuilder->getArgumentPrefix());
         $this->assertEquals(true, $this->uriBuilder->getLinkAccessRestrictedPages());
         $this->assertEquals(123, $this->uriBuilder->getTargetPageUid());
@@ -208,10 +210,9 @@ class UriBuilderTest extends UnitTestCase
         $_GET['id'] = 'pageId';
         $_GET['foo'] = 'bar';
         $_POST = [];
-        $_POST['foo2'] = 'bar2';
         $this->uriBuilder->setAddQueryString(true);
-        $this->uriBuilder->setAddQueryStringMethod('GET,POST');
-        $expectedResult = '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken&id=pageId&foo=bar&foo2=bar2';
+        $this->uriBuilder->setAddQueryStringMethod('GET');
+        $expectedResult = '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken&id=pageId&foo=bar';
         $actualResult = $this->uriBuilder->buildBackendUri();
         $this->assertEquals($expectedResult, $actualResult);
     }
@@ -245,13 +246,10 @@ class UriBuilderTest extends UnitTestCase
                     'foo' => 'bar'
                 ],
                 [
-                    'foo2' => 'bar2'
-                ],
-                [
                     'route',
                     'id'
                 ],
-                '/typo3/index.php?route=%2F&token=dummyToken&foo=bar&foo2=bar2'
+                '/typo3/index.php?route=%2F&token=dummyToken&foo=bar'
             ],
             'Arguments to be excluded in the end' => [
                 [
@@ -260,13 +258,10 @@ class UriBuilderTest extends UnitTestCase
                     'route' => '/test/Path'
                 ],
                 [
-                    'foo2' => 'bar2'
-                ],
-                [
                     'route',
                     'id'
                 ],
-                '/typo3/index.php?route=%2F&token=dummyToken&foo=bar&foo2=bar2'
+                '/typo3/index.php?route=%2F&token=dummyToken&foo=bar'
             ],
             'Arguments in nested array to be excluded' => [
                 [
@@ -277,13 +272,10 @@ class UriBuilderTest extends UnitTestCase
                     'route' => '/test/Path'
                 ],
                 [
-                    'foo2' => 'bar2'
-                ],
-                [
                     'id',
                     'tx_foo[bar]'
                 ],
-                '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken&foo2=bar2'
+                '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken'
             ],
             'Arguments in multidimensional array to be excluded' => [
                 [
@@ -296,13 +288,10 @@ class UriBuilderTest extends UnitTestCase
                     'route' => '/test/Path'
                 ],
                 [
-                    'foo2' => 'bar2'
-                ],
-                [
                     'id',
                     'tx_foo[bar][baz]'
                 ],
-                '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken&foo2=bar2'
+                '/typo3/index.php?route=%2Ftest%2FPath&token=dummyToken'
             ],
         ];
     }
@@ -311,16 +300,14 @@ class UriBuilderTest extends UnitTestCase
      * @test
      * @dataProvider buildBackendUriRemovesSpecifiedQueryParametersIfArgumentsToBeExcludedFromQueryStringIsSetDataProvider
      * @param array $parameters
-     * @param array $postArguments
      * @param array $excluded
      * @param string $expected
      */
-    public function buildBackendUriRemovesSpecifiedQueryParametersIfArgumentsToBeExcludedFromQueryStringIsSet(array $parameters, array $postArguments, array $excluded, $expected)
+    public function buildBackendUriRemovesSpecifiedQueryParametersIfArgumentsToBeExcludedFromQueryStringIsSet(array $parameters, array $excluded, $expected)
     {
         $_GET = array_replace_recursive($_GET, $parameters);
-        $_POST = $postArguments;
         $this->uriBuilder->setAddQueryString(true);
-        $this->uriBuilder->setAddQueryStringMethod('GET,POST');
+        $this->uriBuilder->setAddQueryStringMethod('GET');
         $this->uriBuilder->setArgumentsToBeExcludedFromQueryString($excluded);
         $actualResult = $this->uriBuilder->buildBackendUri();
         $this->assertEquals($expected, $actualResult);
@@ -393,69 +380,46 @@ class UriBuilderTest extends UnitTestCase
     }
 
     /**
-     * @test
+     * @return array
      */
-    public function buildBackendUriWithQueryStringMethodPostGetMergesParameters()
+    public function buildUriDataProvider(): array
     {
-        $_POST = [
-            'key1' => 'POST1',
-            'key2' => 'POST2',
-            'key3' => [
-                'key31' => 'POST31',
-                'key32' => 'POST32',
-                'key33' => [
-                    'key331' => 'POST331',
-                    'key332' => 'POST332',
-                ]
+        $uriPrefix = '/typo3/index.php?route=%2Ftest%2FPath';
+
+        return [
+            'GET,POST' => [
+                'GET,POST',
+                'Assigning addQueryStringMethod = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET',
+                $uriPrefix . '&common=GET&get=GET'
+            ],
+            'POST,GET' => [
+                'POST,GET',
+                'Assigning addQueryStringMethod = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET',
+                $uriPrefix . '&common=GET&get=GET'
+            ],
+            'POST' => [
+                'POST',
+                'Assigning addQueryStringMethod = POST is not supported anymore since TYPO3 v10.0',
+                $uriPrefix
             ],
         ];
-        $_GET = [
-            'key2' => 'GET2',
-            'key3' => [
-                'key32' => 'GET32',
-                'key33' => [
-                    'key331' => 'GET331',
-                ]
-            ]
-        ];
-        $this->uriBuilder->setAddQueryString(true);
-        $this->uriBuilder->setAddQueryStringMethod('POST,GET');
-        $expectedResult = $this->rawUrlEncodeSquareBracketsInUrl('/typo3/index.php?route=%2F&token=dummyToken&key1=POST1&key2=GET2&key3[key31]=POST31&key3[key32]=GET32&key3[key33][key331]=GET331&key3[key33][key332]=POST332');
-        $actualResult = $this->uriBuilder->buildBackendUri();
-        $this->assertEquals($expectedResult, $actualResult);
     }
 
     /**
+     * @param string $method
+     * @param string $expectedMessage
+     * @param string $expectedResult
+     *
      * @test
+     * @dataProvider buildUriDataProvider
      */
-    public function buildBackendUriWithQueryStringMethodGetPostMergesParameters()
+    public function buildBackendUriHandlesRemovedMethods(string $method, string $expectedMessage, string $expectedResult): void
     {
-        $_GET = [
-            'key1' => 'GET1',
-            'key2' => 'GET2',
-            'key3' => [
-                'key31' => 'GET31',
-                'key32' => 'GET32',
-                'key33' => [
-                    'key331' => 'GET331',
-                    'key332' => 'GET332',
-                ]
-            ],
-        ];
-        $_POST = [
-            'key2' => 'POST2',
-            'key3' => [
-                'key32' => 'POST32',
-                'key33' => [
-                    'key331' => 'POST331',
-                ]
-            ]
-        ];
-        $this->uriBuilder->setAddQueryString(true);
-        $this->uriBuilder->setAddQueryStringMethod('GET,POST');
-        $expectedResult = $this->rawUrlEncodeSquareBracketsInUrl('/typo3/index.php?route=%2F&token=dummyToken&key1=GET1&key2=POST2&key3[key31]=GET31&key3[key32]=POST32&key3[key33][key331]=POST331&key3[key33][key332]=GET332');
-        $actualResult = $this->uriBuilder->buildBackendUri();
-        $this->assertEquals($expectedResult, $actualResult);
+        $_GET = ['common' => 'GET', 'get' => 'GET', 'route' => '/test/Path'];
+        $this->expectException(Warning::class);
+        $this->expectExceptionMessage($expectedMessage);
+        $this->uriBuilder->setAddQueryStringMethod($method);
+        static::assertSame($expectedResult, $this->uriBuilder->buildFrontendUri());
     }
 
     /**
@@ -646,8 +610,8 @@ class UriBuilderTest extends UnitTestCase
     {
         $this->uriBuilder->setTargetPageUid(123);
         $this->uriBuilder->setAddQueryString(true);
-        $this->uriBuilder->setAddQueryStringMethod('GET,POST');
-        $expectedConfiguration = ['parameter' => 123, 'addQueryString' => 1, 'addQueryString.' => ['method' => 'GET,POST']];
+        $this->uriBuilder->setAddQueryStringMethod('GET');
+        $expectedConfiguration = ['parameter' => 123, 'addQueryString' => 1, 'addQueryString.' => ['method' => 'GET']];
         $actualConfiguration = $this->uriBuilder->_call('buildTypolinkConfiguration');
         $this->assertEquals($expectedConfiguration, $actualConfiguration);
     }
index 0e98528..8b9d973 100644 (file)
@@ -127,7 +127,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
         $this->registerArgument('absolute', 'bool', 'If set, an absolute action URI is rendered (only active if $actionUri is not set)', false, false);
         $this->registerArgument('addQueryString', 'bool', 'If set, the current query parameters will be kept in the action URI (only active if $actionUri is not set)', false, false);
         $this->registerArgument('argumentsToBeExcludedFromQueryString', 'array', 'arguments to be removed from the action URI. Only active if $addQueryString = TRUE and $actionUri is not set', false, []);
-        $this->registerArgument('addQueryStringMethod', 'string', 'Method to use when keeping query parameters (GET or POST, only active if $actionUri is not set', false, 'GET');
+        $this->registerArgument('addQueryStringMethod', 'string', 'Method to use when keeping query parameters (only active if $actionUri is not set)', false, 'GET');
         $this->registerArgument('fieldNamePrefix', 'string', 'Prefix that will be added to all field names within this form. If not set the prefix will be tx_yourExtension_plugin');
         $this->registerArgument('actionUri', 'string', 'can be used to overwrite the "action" attribute of the form tag');
         $this->registerArgument('objectName', 'string', 'name of the object that is bound to this form. If this argument is not specified, the name attribute of this form is used to determine the FormObjectName');
index 981094b..7c30e18 100644 (file)
@@ -126,13 +126,6 @@ class TypolinkViewHelperTest extends FunctionalTestCase
                 'expected' => '<a href="/en/?foo=bar&amp;cHash=afa4b37588ab917af3cfe2cd4464029d">This is a testlink</a> <a href="/en/">This is a testlink</a>',
                 'template' => 'link_typolink_viewhelper',
             ],
-            'link: with add query string and method POST' => [
-                'addQueryString' => true,
-                'addQueryStringMethod' => 'POST',
-                'addQueryStringExclude' => 'temp',
-                'expected' => '<a href="/en/">This is a testlink</a> <a href="/en/">This is a testlink</a>',
-                'template' => 'link_typolink_viewhelper',
-            ],
             'uri: default' => [
                 'addQueryString' => false,
                 'addQueryStringMethod' => 'GET',
@@ -154,13 +147,6 @@ class TypolinkViewHelperTest extends FunctionalTestCase
                 'expected' => '/en/?foo=bar&amp;cHash=afa4b37588ab917af3cfe2cd4464029d /en/',
                 'template' => 'uri_typolink_viewhelper',
             ],
-            'uri: with add query string and method POST' => [
-                'addQueryString' => true,
-                'addQueryStringMethod' => 'POST',
-                'addQueryStringExclude' => 'temp',
-                'expected' => '/en/ /en/',
-                'template' => 'uri_typolink_viewhelper',
-            ],
         ];
     }
 }
index 1f2f809..28e754a 100644 (file)
@@ -66,10 +66,10 @@ class TypolinkViewHelperTest extends ViewHelperBaseTestcase
     /**
      * @test
      */
-    public function renderCallsStdWrapWithrightParameters()
+    public function renderCallsStdWrapWithRightParameters()
     {
         $addQueryString = true;
-        $addQueryStringMethod = 'GET,POST';
+        $addQueryStringMethod = 'GET';
         $addQueryStringExclude = 'cHash';
 
         $this->subject->expects($this->any())->method('renderChildren')->will($this->returnValue('innerContent'));
index 1481dde..d861419 100644 (file)
@@ -5440,24 +5440,19 @@ class ContentObjectRenderer implements LoggerAwareInterface
     public function getQueryArguments($conf, $overruleQueryArguments = [], $forceOverruleArguments = false)
     {
         $method = (string)($conf['method'] ?? '');
-        switch ($method) {
-            case 'GET':
-                $currentQueryArray = GeneralUtility::_GET();
-                break;
-            case 'POST':
-                $currentQueryArray = GeneralUtility::_POST();
-                break;
-            case 'GET,POST':
-                $currentQueryArray = GeneralUtility::_GET();
-                ArrayUtility::mergeRecursiveWithOverrule($currentQueryArray, GeneralUtility::_POST());
-                break;
-            case 'POST,GET':
-                $currentQueryArray = GeneralUtility::_POST();
-                ArrayUtility::mergeRecursiveWithOverrule($currentQueryArray, GeneralUtility::_GET());
-                break;
-            default:
-                $currentQueryArray = [];
-                parse_str($this->getEnvironmentVariable('QUERY_STRING'), $currentQueryArray);
+        if ($method === 'POST') {
+            trigger_error('Assigning typolink.addQueryString.method = POST is not supported anymore since TYPO3 v10.0', E_USER_WARNING);
+            return '';
+        }
+        if ($method === 'GET,POST' || $method === 'POST,GET') {
+            trigger_error('Assigning typolink.addQueryString.method = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET', E_USER_WARNING);
+            $method = 'GET';
+        }
+        if ($method === 'GET') {
+            $currentQueryArray = GeneralUtility::_GET();
+        } else {
+            $currentQueryArray = [];
+            parse_str($this->getEnvironmentVariable('QUERY_STRING'), $currentQueryArray);
         }
         if ($conf['exclude'] ?? false) {
             $excludeString = str_replace(',', '&', $conf['exclude']);
index c380f79..f2d7ac3 100644 (file)
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Frontend\Tests\Unit\ContentObject;
  * The TYPO3 project - inspiring people to share!
  */
 
+use PHPUnit\Framework\Error\Warning;
 use PHPUnit\Framework\Exception;
 use Prophecy\Argument;
 use Psr\Http\Message\ServerRequestInterface;
@@ -442,7 +443,7 @@ class ContentObjectRendererTest extends UnitTestCase
      */
     public function getQueryArgumentsOverrulesMultiDimensionalParameters(): void
     {
-        $_POST = [
+        $_GET = [
             'key1' => 'value1',
             'key2' => 'value2',
             'key3' => [
@@ -454,7 +455,7 @@ class ContentObjectRendererTest extends UnitTestCase
             ]
         ];
         $getQueryArgumentsConfiguration = [];
-        $getQueryArgumentsConfiguration['method'] = 'POST';
+        $getQueryArgumentsConfiguration['method'] = 'GET';
         $getQueryArgumentsConfiguration['exclude'] = [];
         $getQueryArgumentsConfiguration['exclude'][] = 'key1';
         $getQueryArgumentsConfiguration['exclude'][] = 'key3[key31]';
@@ -487,7 +488,7 @@ class ContentObjectRendererTest extends UnitTestCase
         $this->subject->expects($this->any())->method('getEnvironmentVariable')->with($this->equalTo('QUERY_STRING'))->will(
             $this->returnValue('key1=value1&key2=value2&key3[key31]=value31&key3[key32][key321]=value321&key3[key32][key322]=value322')
         );
-        $_POST = [
+        $_GET = [
             'key1' => 'value1',
             'key2' => 'value2',
             'key3' => [
@@ -517,78 +518,54 @@ class ContentObjectRendererTest extends UnitTestCase
                 ]
             ]
         ];
+        // implicitly using default 'QUERY_STRING' as 'method'
         $expectedResult = $this->rawUrlEncodeSquareBracketsInUrl('&key2=value2Overruled&key3[key32][key321]=value321Overruled&key3[key32][key323]=value323Overruled');
         $actualResult = $this->subject->getQueryArguments($getQueryArgumentsConfiguration, $overruleArguments, true);
         $this->assertEquals($expectedResult, $actualResult);
-        $getQueryArgumentsConfiguration['method'] = 'POST';
+        $getQueryArgumentsConfiguration['method'] = 'GET';
         $actualResult = $this->subject->getQueryArguments($getQueryArgumentsConfiguration, $overruleArguments, true);
         $this->assertEquals($expectedResult, $actualResult);
     }
 
     /**
-     * @test
+     * @return array
      */
-    public function getQueryArgumentsWithMethodPostGetMergesParameters(): void
+    public function getQueryArgumentsHandlesRemovedMethodsDataProvider(): array
     {
-        $_POST = [
-            'key1' => 'POST1',
-            'key2' => 'POST2',
-            'key3' => [
-                'key31' => 'POST31',
-                'key32' => 'POST32',
-                'key33' => [
-                    'key331' => 'POST331',
-                    'key332' => 'POST332',
-                ]
-            ]
-        ];
-        $_GET = [
-            'key2' => 'GET2',
-            'key3' => [
-                'key32' => 'GET32',
-                'key33' => [
-                    'key331' => 'GET331',
-                ]
-            ]
+        return [
+            'GET,POST' => [
+                'GET,POST',
+                'Assigning typolink.addQueryString.method = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET',
+                '&common=GET&get=GET'
+            ],
+            'POST,GET' => [
+                'POST,GET',
+                'Assigning typolink.addQueryString.method = GET,POST or POST,GET is not supported anymore since TYPO3 v10.0 - falling back to GET',
+                '&common=GET&get=GET'
+            ],
+            'POST' => [
+                'POST',
+                'Assigning typolink.addQueryString.method = POST is not supported anymore since TYPO3 v10.0',
+                ''
+            ],
         ];
-        $getQueryArgumentsConfiguration = [];
-        $getQueryArgumentsConfiguration['method'] = 'POST,GET';
-        $expectedResult = $this->rawUrlEncodeSquareBracketsInUrl('&key1=POST1&key2=GET2&key3[key31]=POST31&key3[key32]=GET32&key3[key33][key331]=GET331&key3[key33][key332]=POST332');
-        $actualResult = $this->subject->getQueryArguments($getQueryArgumentsConfiguration);
-        $this->assertEquals($expectedResult, $actualResult);
     }
 
     /**
+     * @param string $method
+     * @param string $expectedMessage
+     * @param string $expectedResult
+     *
      * @test
+     * @dataProvider getQueryArgumentsHandlesRemovedMethodsDataProvider
      */
-    public function getQueryArgumentsWithMethodGetPostMergesParameters(): void
+    public function getQueryArgumentsHandlesRemovedMethods(string $method, string $expectedMessage, string $expectedResult): void
     {
-        $_GET = [
-            'key1' => 'GET1',
-            'key2' => 'GET2',
-            'key3' => [
-                'key31' => 'GET31',
-                'key32' => 'GET32',
-                'key33' => [
-                    'key331' => 'GET331',
-                    'key332' => 'GET332',
-                ]
-            ]
-        ];
-        $_POST = [
-            'key2' => 'POST2',
-            'key3' => [
-                'key32' => 'POST32',
-                'key33' => [
-                    'key331' => 'POST331',
-                ]
-            ]
-        ];
-        $getQueryArgumentsConfiguration = [];
-        $getQueryArgumentsConfiguration['method'] = 'GET,POST';
-        $expectedResult = $this->rawUrlEncodeSquareBracketsInUrl('&key1=GET1&key2=POST2&key3[key31]=GET31&key3[key32]=POST32&key3[key33][key331]=POST331&key3[key33][key332]=GET332');
-        $actualResult = $this->subject->getQueryArguments($getQueryArgumentsConfiguration);
-        $this->assertEquals($expectedResult, $actualResult);
+        $_GET = ['common' => 'GET', 'get' => 'GET'];
+        $configuration = ['method' => $method];
+        $this->expectException(Warning::class);
+        $this->expectExceptionMessage($expectedMessage);
+        static::assertSame($expectedResult, $this->subject->getQueryArguments($configuration));
     }
 
     /**
index 8b1526f..aa32059 100644 (file)
@@ -5957,11 +5957,7 @@ status=1,menubar=1,scrollbars=1,resizable=1,location=1,directories=1,toolbar=1]]
                <property name="addQueryString" type="boolean">
                        <description><![CDATA[Add the QUERY_STRING to the start of the link. Notice that this does not check for any duplicate parameters! This is not a problem (only the last parameter of the same name will be applied).
 
-.method: If set to GET or POST then then the parsed query arguments (GET or POST data) will be used. This settings are useful if you use URL processing extensions like Real URL, which translate part of the path into query arguments.
-It's also possible to get both, POST and GET data, on setting this to
-"POST,GET" or "GET,POST". The last method in this sequence takes
-precedence and overwrites the parts that are also present for the first
-method.
+.method: If set to GET then then the parsed query arguments will be used. This settings are useful if you use URL processing extensions like Real URL, which translate part of the path into query arguments.
 
 .exclude: List of query arguments to exclude from the link (eg L or cHash).]]></description>
                        <default><![CDATA[