Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Where is data stored? #1

Open
pmsteil opened this issue May 19, 2021 · 1 comment
Open

Where is data stored? #1

pmsteil opened this issue May 19, 2021 · 1 comment

Comments

@pmsteil
Copy link

pmsteil commented May 19, 2021

Hello, we added some bad data in the admin

I think my developer add something like this for the value:

data:application/vnd.ms-fontobject;

and the admin now gets a fatal error:

{
  "0": "Unable to unserialize value. Error: Control character error, possibly incorrectly encoded",
  "1": "#1 CtiDigital\\CspWhitelist\\Helper\\Configuration->getPolicies() called at [vendor/ctidigital/magento2-csp-whitelist/Plugin/CspWhitelist.php:53]\n#2 CtiDigital\\CspWhitelist\\Plugin\\CspWhitelist->aroundCollect() called at [generated/code/Magento/Csp/Model/Collector/CspWhitelistXmlCollector/Interceptor.php:42]\n#3 Magento\\Csp\\Model\\Collector\\CspWhitelistXmlCollector\\Interceptor->collect() called at [generated/code/Magento/Csp/Model/Collector/CspWhitelistXmlCollector/Proxy.php:95]\n#4 Magento\\Csp\\Model\\Collector\\CspWhitelistXmlCollector\\Proxy->collect() called at [vendor/magento/module-csp/Model/CompositePolicyCollector.php:76]\n#5 Magento\\Csp\\Model\\CompositePolicyCollector->collect() called at [vendor/magento/module-csp/Model/CspRenderer.php:44]\n#6 Magento\\Csp\\Model\\CspRenderer->render() called at [vendor/magento/module-csp/Observer/Render.php:41]\n#7 Magento\\Csp\\Observer\\Render->execute() called at [vendor/magento/framework/Event/Invoker/InvokerDefault.php:88]\n#8 Magento\\Framework\\Event\\Invoker\\InvokerDefault->_callObserverMethod() called at [vendor/magento/framework/Event/Invoker/InvokerDefault.php:74]\n#9 Magento\\Framework\\Event\\Invoker\\InvokerDefault->dispatch() called at [vendor/magento/framework/Event/Manager.php:66]\n#10 Magento\\Framework\\Event\\Manager->dispatch() called at [vendor/magento/framework/App/Http.php:131]\n#11 Magento\\Framework\\App\\Http->launch() called at [vendor/magento/framework/App/Bootstrap.php:263]\n#12 Magento\\Framework\\App\\Bootstrap->run() called at [pub/index.php:40]\n",
  "report_id": "8d5c510bf1598d30ea08fabf1638f7b532819e677f854ca9147520ea7f3de572",
  "script_name": "/index.php",
  "url": "/magadmin"
}

I don't see any reference to sql queries in the code nor do I see any SQL tables in my database that look like they are storing this data so that we can remove this?

How do we remove this entry manually?

And can you add some additional data validation so something like this won't kill the module :) We can do it if you will accept a PR and can point us to where it needs to happen :)

Thanks!
@Sansum
Copy link

Sansum commented May 24, 2021

Hey Pmsteil,

Thanks for using the module.

The policies are using the default magento system config (dynamic rows). Therefore you can see the values stored in the core_config_data (csp/general/policies)

I will have a look at adding some validation into the fields and a catch should the unserialise function fail so it doesn't break anything. There are a couple improvements inbound so I will try and bundle them all up for a release.

Thanks,
James Sansum

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pmsteil @Sansum