FAQ | This is a LIVE service | Changelog

Skip to content

Remove obsolete code for sort sanitizing

Dr Catherine Pitt requested to merge maths into master

We were getting an error on Chemistry's Hotwire3 running on PHP 8.1 when people searched on a view which had a default sort order defined on a hid column (specifically People/Personnel_Phone, which sorts by a _title_hid column).

The error was in dbBase.php's attempts to check sort parameters: the function sanitiseSort() is called as part of the getPostVars() call in the constructor for dbBase to do this. If the view has a hid column with a default sort defined, sanitiseSort() calls dbBase's database_entity_exists() to check for a column ending _sort in the underlying hid table, which involves making an SQL query. But at this point in the code no connection to the database has yet been made, and an undefined object gets passed to pg_query_params(), which in PHP 8.1 produces an error.

In PHP versions before 8.1 the same code runs without complaint even though pg_query_params() is still been passed an undefined object; it's not entirely clear to me why this works and the PHP documentation isn't helping, but possibly the query just fails silently. The changes around database handle object types and subsequent removal of the handle caching code in e876ae6e wouldn't have made any difference, because this code is called before the check for a cached handle even happens.

The purpose of looking for special sort configuration for a column whose name ends '_hid' isn't clear to me. Normal foreign key columns are suffixed '_id' not '_hid', and if we happen to join against a _hid /table/ in a view definition in order to use it in a search there is no need to name the resulting view column anything in particular; adding a suffix of '_hid' just seems confusing. And it seems the code could not have worked as intended anyway.

This change completely removes the check for sorts on columns named with a '_hid' suffix, and the supporting functions hid_table_has_sort() and is_hid_field(), which are used nowhere else. It removes some commented code in dbSortList.php which referenced hid_table_has_sort() and had been there since before Hotwire was under version control, and fixes the comment block on the dbBase database_entity_exists() method which was used by hid_table_has_sort().

Merge request reports