[pve-devel] [PATCH widget-toolkit v3] window: edit: avoid sharing custom config objects between subclasses

Friedrich Weber f.weber at proxmox.com
Mon Apr 8 11:30:19 CEST 2024 

Currently, `Proxmox.window.Edit` initializes `extraRequestParams` and
`submitOptions` to two objects that, if not overwritten, are shared
between all instances of subclasses. This bears the danger of
modifying the shared object in a subclass instead of overwriting it,
which affects all edit windows of the current session and can cause
hard-to-catch GUI bugs.

One such bug is the following: Currently, the `PVE.pool.AddStorage`
component inadvertently adds `poolid` to an `extraRequestParams`
object that is shared between all instances of `Proxmox.window.Edit`.
As a result, after adding a storage to a pool, opening any edit window
will send a GET request with a superfluous `poolid` parameter and
cause an error in the GUI:

> Parameter verification failed. (400)
> poolid: property is not defined in schema and the schema does not
> allow additional properties

This breaks all edit windows of the current session. A workaround is
to reload the current browser session.

To avoid this class of bugs in the future, implement a constructor
that makes copies of `extraRequestParams` and `submitOptions`. This
ensures that any subclass instance modifies only its own copies, and
modifications do not leak to other subclass instances.

Suggested-by: Stefan Sterz <s.sterz at proxmox.com>
Suggested-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
Signed-off-by: Friedrich Weber <f.weber at proxmox.com>
---

Notes:
    @Thomas, I've added a Suggested-by, feel free to remove/keep as you
    prefer.
    
    Changes from v1+v2:
    - As suggested by sterzy (thx!), avoid this class of bugs in a more
      generic fashion by introducing a `Proxmox.window.Edit` constructor
      that copies custom config objects
    - Added full error message to commit message for better searchability
    
    v2: https://lists.proxmox.com/pipermail/pve-devel/2024-April/062561.html
    v1: https://lists.proxmox.com/pipermail/pve-devel/2024-March/062179.html

 src/window/Edit.js | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/window/Edit.js b/src/window/Edit.js
index d4a2b551..d5163dd7 100644
--- a/src/window/Edit.js
+++ b/src/window/Edit.js
@@ -69,6 +69,16 @@ Ext.define('Proxmox.window.Edit', {
     // onlineHelp of our first item, if set.
     onlineHelp: undefined,
 
+    constructor: function(conf) {
+	let me = this;
+	// make copies in order to prevent subclasses from accidentally writing
+	// to objects that are shared with other edit window subclasses
+	me.extraRequestParams = Object.assign({}, me.extraRequestParams);
+	me.submitOptions = Object.assign({}, me.submitOptions);
+	me.initConfig(conf);
+	me.callParent();
+    },
+
     isValid: function() {
 	let me = this;
 
-- 
2.39.2

More information about the pve-devel mailing list