From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id D291591564 for ; Thu, 4 Apr 2024 11:01:34 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B3FC434BAF for ; Thu, 4 Apr 2024 11:01:34 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Thu, 4 Apr 2024 11:01:31 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E8A2D424F8 for ; Thu, 4 Apr 2024 11:01:30 +0200 (CEST) Message-ID: Date: Thu, 4 Apr 2024 11:01:29 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: Proxmox VE development discussion , Stefan Sterz References: <20240403091010.11544-1-f.weber@proxmox.com> <20240403091010.11544-4-f.weber@proxmox.com> Content-Language: en-US From: Friedrich Weber In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.074 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pve-devel] [PATCH widget-toolkit 3/3] window: edit: avoid shared object for extra request params X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Apr 2024 09:01:34 -0000 On 04/04/2024 10:22, Stefan Sterz wrote: > On Wed Apr 3, 2024 at 11:10 AM CEST, Friedrich Weber wrote: >> Currently, `Proxmox.window.Edit` initializes `extraRequestParams` to >> an object that, if not overwritten, is shared between all instances of >> subclasses. This bears the danger of modifying the shared object in a >> subclass instead of overwriting it, which affects all edit windows of >> the current session and can cause hard-to-catch UI bugs [1]. >> >> To avoid such bugs in the future, initialize `extraRequestParams` to >> `undefined` instead, which forces subclasses to initialize their own >> objects. >> >> Note that bugs of the same kind can still happen if a subclass >> initializes `extraRequestParams` to an empty shared object and >> inadvertently modifies it, but at least they will be limited to that >> particular subclass. >> >> [1] https://lists.proxmox.com/pipermail/pve-devel/2024-March/062179.html >> >> Signed-off-by: Friedrich Weber >> --- >> >> Notes: >> With patch 2/3 applied, I think all occurrences of >> `extraRequestParams` in PVE/PBS create their own object (PMG does not >> seem to use `extraRequestParams`), so this patch should not break >> anything, and if it does, it should be quite noticeable. >> >> new in v2 >> >> src/window/Edit.js | 8 +++++--- >> 1 file changed, 5 insertions(+), 3 deletions(-) >> >> diff --git a/src/window/Edit.js b/src/window/Edit.js >> index d4a2b551..27cd8d01 100644 >> --- a/src/window/Edit.js >> +++ b/src/window/Edit.js >> @@ -9,7 +9,7 @@ Ext.define('Proxmox.window.Edit', { >> >> // to submit extra params on load and submit, useful, e.g., if not all ID >> // parameters are included in the URL >> - extraRequestParams: {}, >> + extraRequestParams: undefined, >> >> resizable: false, >> >> @@ -80,7 +80,9 @@ Ext.define('Proxmox.window.Edit', { >> let me = this; >> >> let values = {}; >> - Ext.apply(values, me.extraRequestParams); >> + if (me.extraRequestParams) { >> + Ext.apply(values, me.extraRequestParams); >> + } >> >> let form = me.formPanel.getForm(); >> >> @@ -209,7 +211,7 @@ Ext.define('Proxmox.window.Edit', { >> waitMsgTarget: me, >> }, options); >> >> - if (Object.keys(me.extraRequestParams).length > 0) { >> + if (me.extraRequestParams && Object.keys(me.extraRequestParams).length > 0) { >> let params = newopts.params || {}; >> Ext.applyIf(params, me.extraRequestParams); >> newopts.params = params; > > i did a quick an dirty test and using a constructor like this seems to > rule out this class of bug completelly: > > ```js > constructor: function(conf) { > let me = this; > me.extraRequestParams = {}; > me.initConfig(conf); > me.callParent(); > }, > ``` > > basically it configures the edit window as usual, but overwrites the > `extraRequestParams` object for each instance with a new empty object. > so there are no more shared objects :) could you check whether that also > fixes the other instances? > > [1]: https://docs-devel.sencha.com/extjs/7.0.0/classic/Ext.window.Window.html#method-constructor Nifty, didn't think about a constructor solution. Such a general solution would be way more elegant, thanks for suggesting it! However, this particular constructor seems to break the pattern of defining `extraRequestParams` in the subclass properties, as done by `PVE.Pool.AddVM` [1]. With the constructor above, the API request done by `AddVM` seems to be missing the `allow-move` parameter. Looks like once `PVE.Pool.AddVM` is instantiated and the constructor is called, `extraRequestParams` with `allow-move` is only defined in `me.__proto__`, so `me.extraRequestParams = {}` essentially shadows it with an empty object, losing the `allow-move`. Do you have an idea how to fix this? Maybe making a copy of `extraRequestParams` would work (I suppose the overhead of creating a new object for all edit window (subclass) instances is negligible). [1] https://git.proxmox.com/?p=pve-manager.git;a=blob;f=www/manager6/grid/PoolMembers.js;h=75f20cab;hb=4b06efb5#l9