From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <s.sterz@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 6EF249346F
 for <pve-devel@lists.proxmox.com>; Tue,  9 Apr 2024 10:34:52 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 4EF41188AD
 for <pve-devel@lists.proxmox.com>; Tue,  9 Apr 2024 10:34:22 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Tue,  9 Apr 2024 10:34:21 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id C348642D8F
 for <pve-devel@lists.proxmox.com>; Tue,  9 Apr 2024 10:34:20 +0200 (CEST)
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Tue, 09 Apr 2024 10:34:19 +0200
Message-Id: <D0FGCEX811IC.IOA5Q4DK7YXC@proxmox.com>
From: "Stefan Sterz" <s.sterz@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
X-Mailer: aerc 0.17.0-69-g65571b67d7d3-dirty
References: <20240409081611.46106-1-f.weber@proxmox.com>
In-Reply-To: <20240409081611.46106-1-f.weber@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.071 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [proxmox.com, sencha.com]
Subject: Re: [pve-devel] [PATCH widget-toolkit v4] window: edit: avoid
 sharing custom config objects between subclasses
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2024 08:34:52 -0000

On Tue Apr 9, 2024 at 10:16 AM CEST, Friedrich Weber wrote:
> Currently, `Proxmox.window.Edit` initializes `extraRequestParams` and
> `submitOptions` to two objects that, if not overwritten, are shared
> between all instances of subclasses. This bears the danger of
> modifying the shared object in a subclass instead of overwriting it,
> which affects all edit windows of the current session and can cause
> hard-to-catch GUI bugs.
>
> One such bug is the following: Currently, the `PVE.pool.AddStorage`
> component inadvertently adds `poolid` to an `extraRequestParams`
> object that is shared between all instances of `Proxmox.window.Edit`.
> As a result, after adding a storage to a pool, opening any edit window
> will send a GET request with a superfluous `poolid` parameter and
> cause an error in the GUI:
>
> > Parameter verification failed. (400)
> > poolid: property is not defined in schema and the schema does not
> > allow additional properties
>
> This breaks all edit windows of the current session. A workaround is
> to reload the current browser session.
>
> To avoid this class of bugs in the future, implement a constructor
> that makes copies of `extraRequestParams` and `submitOptions`. This
> ensures that any subclass instance modifies only its own copies, and
> modifications do not leak to other subclass instances.
>
> Suggested-by: Stefan Sterz <s.sterz@proxmox.com>
> Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
> Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
> ---
>
> Notes:
>     @Thomas, I've added a Suggested-by, feel free to remove/keep as you
>     prefer.
>
>     Changes from v3:
>     - Fix broken pool edit window (thx sterzy!) by passing all arguments
>       to `callParent`. The `initConfig` call is obsolete as the construct=
or
>       of `Ext.Component` [1] calls `initConfig` already.
>
>     Changes from v1+v2:
>     - As suggested by sterzy (thx!), avoid this class of bugs in a more
>       generic fashion by introducing a `Proxmox.window.Edit` constructor
>       that copies custom config objects
>     - Added full error message to commit message for better searchability
>
>     v3: https://lists.proxmox.com/pipermail/pve-devel/2024-April/062657.h=
tml
>     v2: https://lists.proxmox.com/pipermail/pve-devel/2024-April/062561.h=
tml
>     v1: https://lists.proxmox.com/pipermail/pve-devel/2024-March/062179.h=
tml
>
>     [1] https://docs.sencha.com/extjs/7.0.0/classic/src/Component.js.html=
#line2203
>
>  src/window/Edit.js | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/src/window/Edit.js b/src/window/Edit.js
> index d4a2b551..c55ff793 100644
> --- a/src/window/Edit.js
> +++ b/src/window/Edit.js
> @@ -69,6 +69,15 @@ Ext.define('Proxmox.window.Edit', {
>      // onlineHelp of our first item, if set.
>      onlineHelp: undefined,
>
> +    constructor: function(conf) {
> +	let me =3D this;
> +	// make copies in order to prevent subclasses from accidentally writing
> +	// to objects that are shared with other edit window subclasses
> +	me.extraRequestParams =3D Object.assign({}, me.extraRequestParams);
> +	me.submitOptions =3D Object.assign({}, me.submitOptions);
> +	me.callParent(arguments);
> +    },
> +
>      isValid: function() {
>  	let me =3D this;
>

this looks good to me, i've also tested this here, so consider this:

Tested-by: Stefan Sterz <s.sterz@proxmox>