You are not logged in.
Hi, I've faced with an issue in my MVP applications based on services via interfaces approach.
I don't know when ab changed TServiceMethodArgument.FromJSON implementation
The issue is that RawUTF8 parameters failed to obtain value if user type numbers for text fields (which is legal in many cases).
Simple example:
IBlackHole = interface(IMVCApplication)
['{9A60C8ED-CEB2-4E09-87D4-4A16F496E5FE}']
procedure Catch(const Beam: RawUTF8; out Scope: Variant);
end;
And related front-end:
<form action="catch" method="post"><input type="text" name="beam"></form>
If user type any number (like '5' instead of 'Beam42') in such text field the application is crushed with missing or invalid value exception.
Previous mORMot builds takes number values for RawUTF8 parameters without any issue.
Here is the problem place:
mORMot.pas: 60228
Val := GetJSONField(R,R,@wasString,nil,@ValLen);
if (Val=nil) or (wasString<>(vIsString in ValueKindAsm)) then begin
RaiseError('missing or invalid value');
exit;
end;
The GetJSONField returns wasString=false if string with digits-only is passed from text fields or other remote clients.
But vIsString in ValueKindAsm = True because we declare interface parameter as RawUTF8 string.
So as for now any text field in any form is damaged if user enters any digits instead of text.
In all interfaces of all services in all projects replace RawUTF8 parameters to Variants and use local variables to convert this variant to RawUTF8 with VariantToRawUTF8 routine. But this is really expensive operation and requires huge code refactoring in all my projects just to ensure that user can type digits in text fields.
I think this problem is also impacts array81 as he mentioned earlier.
As I understand he tried to use empty values '' for some fields which is also legal in many cases and got the same exception (Val=nil ?).
Offline
Just now run the standard mORMot 1.18.4812\SQLite3\Samples\30 - MVC Server BLOG application example and type '7' in Username field on the top of the screen then press Login button - the same exception crushed the app.
And another case push Login button with empty Username and Password - app crushed again (the array81 case).
Offline
The problem is not in mORMot.pas: 60228 which expects correct JSON.
The problem is before that: the incoming HTML fields are converted into JSON, but with no field type known at that time, so it guess the kind of content from the value itself.
In TMVCRunOnRestServer.InternalRunOnRestServer, Ctxt.InputAsTDocVariant is used, which created the TDocVariant from the data value itself.
I have added proper MVC value decoding from RTTI, and also fixed null problems.
See https://synopse.info/fossil/info/36a766021d
Offline
Thanks, fix confirmed
Offline