#5399 closed enhancement (fixed)
Review metadata functions for irregularities
Reported by: | boonebgorges | Owned by: | boonebgorges |
---|---|---|---|
Milestone: | 2.0 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Core | Keywords: | 2nd-opinion |
Cc: |
Description
In rewriting our metadata functions, I identified a number of peculiarities in their implementation. Some are mere inconsistencies between component (like the format of the return value of _get_metadata() when no meta_key is passed). Some are, IMO, misplaced attempts at sanitization. And some are outright bugs, as when meta_keys are changed silently in the process of adding metadata.
This ticket will serve as a place to collect instances of these issues, and to begin to make recommendations for what can and cannot be fixed or improved.
Change History (14)
This ticket was mentioned in IRC in #buddypress-dev by boonebgorges. View the logs.
11 years ago
#5
@
11 years ago
A1 - Meta key sanitization removal
It's a little weird for devs to be using characeters outside [^a-zA-Z0-9_]
for their meta keys, but yeah, let WP handle meta keys.
A2 - Meta value trimming on deletion
B1, B2 - Strict type checking when fetching meta
No complaints here.
B3 - Getting meta with no meta key
For bp_activity_get_meta(), the return value is at least structured in a way where someone might use it. However, I think that the chance of breakage is fairly slight, and we can publicize it prior to release. I recommend that we move to the BP return format.
So to confirm, you want to move to the WP format or the BP format? Regardless, I'm fine with either option.
#6
@
11 years ago
So to confirm, you want to move to the WP format or the BP format?
Oops! I mean the WP format. Good catch.
#13
@
11 years ago
- Resolution set to fixed
- Status changed from assigned to closed
OK, I believe this is done. Our meta functions now behave nearly identically to their WP brethren, with the exception that ours let you delete all meta for a given object by omitting the meta_key (bonus!). Thanks for your feedback, everyone!
Here's a summary of the problems I see. For the most part, the same problems persist across all four components (activity, blogs, groups, xprofile). I'll highlight when there are separate concerns.
The problems are organized into categories. The first are what I see as outright bugs, quirks that do not serve the intended purpose and introduce undesirable behavior. The second are points where we are inconsistent, either internally or with the behavior of the WP functions. In my view, the first category of bugs should be fixed immediately. The second category should be considered on a case by case basis; I'll give arguments for each below.
A. Bugs
|[^a-zA-Z0-9_]
. This in itself is kinda silly. The really bad part is that we silently strip these characters from the meta_key in nearly every meta function. That means that, eg, the following two function calls will overwrite each other, but give no indication that they've done so:See related unit test: https://buddypress.trac.wordpress.org/browser/trunk/tests/testcases/activity/functions.php#L125
This is obviously incorrect. My recommendation is that we remove the "sanitization" altogether and let WP deal with it. If this is unacceptable for some reason, let's start returning false when there are illegal keys, to indicate failure.
and, moreover, there is no way to delete metadata only where the value is ' bar ' (which is what you'd think the first one would do). My recommendation is that we remove this trimming.
B. Inconsistencies
Core metadata functions *do* return false on outright failure, like when you don't pass a proper object id:
My recommendation is that we change our behavior to align with WP: return
''
when a value is not found, and return false for miscellaneous errors. The only potential problem is when someone is doing a strict check against the return value of one of these functions:I couldn't find any examples of this kind of thing in the plugin repo, and I find it highly unlikely that there are real-world examples of it. So the risk is fairly low.
Our update_ functions, on the other hand, return true in both cases. My recommendation is that we adopt the WP approach. The danger would be strict type checking in plugins:
But again, I'm very doubtful that anyone is doing this.
BP's current implementation is inconsistent across components.
It's pretty clear to me that the second variation, where meta_keys are not returned, is more or less useless. For this reason, I think we can safely assume that no one is actually using it, and we can use the WP return format. For bp_activity_get_meta(), the return value is at least structured in a way where someone might use it.
However, I think that the chance of breakage is fairly slight, and we can publicize it prior to release. I recommend that we move to the WP return format.
==
Thanks for reading this far :) Feedback welcome on each item: A1, A2, B1, B2, B3.