Exception thrown on batch edit when the form has errors

[jajm]

Theoretically, the only way this form can have errors is if the CSRF token is invalid/expired, so it's not a major issue, but when it happens, instead of having the form rendered with an error message, we have an exception:

Zend\View\Exception\InvalidArgumentException
Array provided to Escape helper, but flags do not allow recursion

Détails :

Zend\View\Exception\InvalidArgumentException: Array provided to Escape helper, but flags do not allow recursion in /home/omekas/omeka-s/vendor/zendframework/zend-view/src/Helper/Escaper/AbstractHelper.php:56
Stack trace:
#0 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/AbstractHelper.php(260): Zend\View\Helper\Escaper\AbstractHelper->__invoke(Array)
#1 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormInput.php(133): Zend\Form\View\Helper\AbstractHelper->createAttributesString(Array)
#2 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormInput.php(101): Zend\Form\View\Helper\FormInput->render(Object(Zend\Form\Element\Hidden))
#3 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormElement.php(174): Zend\Form\View\Helper\FormInput->__invoke(Object(Zend\Form\Element\Hidden))
#4 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormElement.php(204): Zend\Form\View\Helper\FormElement->renderHelper('formhidden', Object(Zend\Form\Element\Hidden))
#5 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormElement.php(114): Zend\Form\View\Helper\FormElement->renderType(Object(Zend\Form\Element\Hidden))
#6 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormElement.php(88): Zend\Form\View\Helper\FormElement->render(Object(Zend\Form\Element\Hidden))
#7 [internal function]: Zend\Form\View\Helper\FormElement->__invoke(Object(Zend\Form\Element\Hidden))
#8 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/Renderer/PhpRenderer.php(397): call_user_func_array(Object(Zend\Form\View\Helper\FormElement), Array)
#9 /home/omekas/omeka-s/application/view/common/form-row.phtml(10): Zend\View\Renderer\PhpRenderer->__call('formElement', Array)
#10 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/Renderer/PhpRenderer.php(506): include('/home/omekas/om...')
#11 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormRow.php(160): Zend\View\Renderer\PhpRenderer->render(NULL, NULL)
#12 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormRow.php(111): Zend\Form\View\Helper\FormRow->render(Object(Zend\Form\Element\Hidden), 'prepend')
#13 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormCollection.php(118): Zend\Form\View\Helper\FormRow->__invoke(Object(Zend\Form\Element\Hidden))
#14 /home/omekas/omeka-s/vendor/zendframework/zend-form/src/View/Helper/FormCollection.php(88): Zend\Form\View\Helper\FormCollection->render(Object(Omeka\Form\ResourceBatchUpdateForm))
#15 [internal function]: Zend\Form\View\Helper\FormCollection->__invoke(Object(Omeka\Form\ResourceBatchUpdateForm), false)
#16 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/Renderer/PhpRenderer.php(397): call_user_func_array(Object(Zend\Form\View\Helper\FormCollection), Array)
#17 /home/omekas/omeka-s/application/view/omeka/admin/item/batch-edit.phtml(22): Zend\View\Renderer\PhpRenderer->__call('formCollection', Array)
#18 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/Renderer/PhpRenderer.php(506): include('/home/omekas/om...')
#19 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/View.php(207): Zend\View\Renderer\PhpRenderer->render(NULL)
#20 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/View.php(236): Zend\View\View->render(Object(Zend\View\Model\ViewModel))
#21 /home/omekas/omeka-s/vendor/zendframework/zend-view/src/View.php(200): Zend\View\View->renderChildren(Object(Zend\View\Model\ViewModel))
#22 /home/omekas/omeka-s/vendor/zendframework/zend-mvc/src/View/Http/DefaultRenderingStrategy.php(105): Zend\View\View->render(Object(Zend\View\Model\ViewModel))
#23 /home/omekas/omeka-s/vendor/zendframework/zend-eventmanager/src/EventManager.php(322): Zend\Mvc\View\Http\DefaultRenderingStrategy->render(Object(Zend\Mvc\MvcEvent))
#24 /home/omekas/omeka-s/vendor/zendframework/zend-eventmanager/src/EventManager.php(171): Zend\EventManager\EventManager->triggerListeners(Object(Zend\Mvc\MvcEvent))
#25 /home/omekas/omeka-s/vendor/zendframework/zend-mvc/src/Application.php(367): Zend\EventManager\EventManager->triggerEvent(Object(Zend\Mvc\MvcEvent))
#26 /home/omekas/omeka-s/vendor/zendframework/zend-mvc/src/Application.php(348): Zend\Mvc\Application->completeRequest(Object(Zend\Mvc\MvcEvent))
#27 /home/omekas/omeka-s/index.php(21): Zend\Mvc\Application->run()
#28 {main}

Since modules can add new elements/input filters to this form, this can happen in other scenarios as well.

The easiest way to trigger the bug is to decrease the CSRF timeout in application/src/Form/Initializer/Csrf.php to 1 second and to start a batch edit, select either "Public" or "Not public" in "Set value visibility", then submit the form.

This is due to the fact that it tries to render 'value' and 'set_value_visibility' as hidden inputs whereas the values we just submitted for these elements are arrays