search

kartik-v / yii2-tree-manager

An advanced tree management module using nested sets for Yii 2.
http://demos.krajee.com/tree-manager
Other
150 stars 107 forks source link

check signature failed when depth of breadcrumbs is set and its type is int #265

Closed sjg20010414 closed 4 years ago

sjg20010414 commented 4 years ago

Prerequisites

I use TreeView in my application. At first, I didn't set parameter breadcrumbs , it works fine. But afterwards, I won't show original root node, and I modified the code in the controller ($query) and set breadcrumbs' depth for TreeView just like: 'breadcrumbs' => [ 'depth' => 2, ], the treeview left can show as usual, but when I select a node in the tree, the detail form show the error message:

Operation Disallowed

Invalid request signature detected during tree data manage action! Please refresh the page and retry.
OLD HASH:
f99...........
NEW HASH:
0ab..........
## Steps to reproduce the issue 1. set the depth for the breadcrumbs of the treeview 2. the value of depth is integer type ## Expected behavior and actual behavior In my opinion, the depth is integer type, but error happened ## Environment #### Browsers - [x] Google Chrome - [ ] Mozilla Firefox (not tested) - [ ] Internet Explorer (not tested) - [ ] Safari (not tested) #### Operating System - [x] Windows - [ ] Mac OS X (not tested) - [x] Linux - [ ] Mobile (not tested) #### Libraries - jQuery version: v3.4.1 - yii2-tree-manager version: 1.1.3 ## Isolating the problem - [x] This bug happens only breadcrumbs' depth is set and its type is integer, use string as the value it disappears. ## Possible cause I digged into the source code of this component, and I found the method getParsedData in TreeSecurity.php: ``` protected static function getParsedData($defaults, $data, $callback = null) { $out = []; $hash = ''; foreach ($defaults as $key => $val) { $value = isset($data[$key]) ? $data[$key] : $val; $type = 'string'; if (is_bool($val)) { $value = (bool)$value; $type = 'bool'; } elseif (is_array($val)) { $value = empty($value) ? [] : (array)$value; $type = 'array'; } if (is_callable($callback)) { $value = $callback($type, $key, $value); } $out[$key] = $value; $hash .= $type === 'array' ? Json::encode($value) : $value; } $out['treeClass'] = ArrayHelper::getValue($out, 'modelClass', Tree::class); /** * @var Module $module */ $module = TreeView::module(); return ['data' => $out, 'hash' => Yii::$app->security->hashData($hash, $module->treeEncryptSalt)]; }``` the method getParsedData is used by the method **public static function parseManageData($data = [])** . When the method **public function renderDetail()** in TreeView.php use parseMangeData to caculate **$manageData**, the parameter about breadcrumbs is **breadcrumbs' => $this->breadcrumbs**, so the depth is integer type. When the method **public function actionManage()** in NodeController.php use parseMangeData to caculate **$parsedData**, the parameter about breadcrumbs is in the variable $data (**$data = static::getPostData();**), the depth is posted and its type is string. _2 and '2' are different for JSON_, and the hash value are different too. To fix this problem, we need some fix code,or as an easier alternative way, the author can modify the document and clearly mark the type of the depth of breadcrumbs string (see https://demos.krajee.com/tree-manager#treeview-breadcrumbs). --- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/91499345-check-signature-failed-when-depth-of-breadcrumbs-is-set-and-its-type-is-int?utm_campaign=plugin&utm_content=tracker%2F10339775&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F10339775&utm_medium=issues&utm_source=github).
stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.