search

mojolicious / mojo

:sparkles: Mojolicious - Perl real-time web framework
https://mojolicious.org
Artistic License 2.0
2.66k stars 576 forks source link

:action cannot be used as placeholder anymore :( #1710

Closed ginesr closed 3 years ago

ginesr commented 3 years ago

Steps to reproduce the behavior

$r->get('/:action')->to(controller=>'controller-whatever'); worked if 'action' is a method in the class controller before

Expected behavior

To work like it was in mojo 8.x

Actual behavior

It dies with an error that action cannot be used as placeholder

kraih commented 3 years ago

That is very much intentional, and a new security feature.

ginesr commented 3 years ago

:( so I need to dispatch all by myself now? What is the recommended option here? I have to change a lot of routes now ...

kraih commented 3 years ago

Loop over a list of actions to generate routes.

shadowcat-mst commented 3 years ago

Writing a 'foreach' route is better than being a giant security risk.

Using :action was always on the same level as "not using placeholders in your SQL" in terms of being unwise.

It's been deprecated and recommended against for years.

I'm sorry this is going to be inconvenient but it really will make your code better as a result.

kraih commented 3 years ago

The feature discussion btw., nobody brought up objections. https://github.com/mojolicious/mojo/discussions/1663#discussioncomment-342395

ginesr commented 3 years ago

Ok thanks for the response