TypeError on addCommentGrades in case of empty request #132

Merged
merged 2 commits into from
Feb 9, 2022

Conversation

clotairer
Contributor

Questions Answers
Description? A URL like /module/productcomments/PostComment?id_product=2 is exposed in the HTML form.
Even if the form uses the POST method, some bots crawl this URL and a 500 error happens:
Uncaught exception 'TypeError' with message 'Argument 2 passed to 
ProductCommentsPostCommentModuleFrontController::addCommentGrades() must be of the type array, bool given, called
in modules/productcomments/controllers/front/PostComment.php on line 100'
in modules/productcomments/controllers/front/PostComment.php:135
in ProductCommentsPostCommentModuleFrontController::addCommentGrades called at modules/productcomments/controllers/front/PostComment.php (100)
in ProductCommentsPostCommentModuleFrontController::display called at classes/controller/Controller.php (331) in ControllerCore::run called at /var/www/prod/classes/Dispatcher.php (518)
in DispatcherCore::dispatch called at index.php (28)

I realized that validations are not done properly and after the persistence of data and criterions are not done.
Type? bug fix
BC breaks? no
Deprecations? no
Fixed ticket? Fixes PrestaShop/PrestaShop#27534.
How to test? Just call this URL /module/productcomments/PostComment?id_product=2
The response code should be 200

@khouloudbelguith khouloudbelguith self-assigned this Feb 9, 2022

@khouloudbelguith khouloudbelguith left a comment

Hi @clotairer,

I checked this PR with 178x branch & develop branch.
I have the same behavior.
Steps to reproduce the behavior:

  1. Install the Module
  2. Go to FO > Sign in
  3. View a product > for example id_product = 6
  4. Add a comment
  5. Go to BO > Module manager > Configure productcomments module & approve the comment
  6. Now try to navigate to this link: shop.com/en/module/productcomments/PostComment?id_product=6
  7. the json request => ok but I need a confirmation about the result
    {"success":false,"errors":["Title cannot be empty","Criterions not available"]}

Because
In the BO > Module manager > Configure productcomments module
I have two criteria
The first is created by default, and the second is created by me

As I understand from this link: https://github.com/PrestaShop/productcomments/pull/132/files#diff-348aae0600a167b478b48da3c072ab70f44976f523d50f298f9857eece26375bR206-R208

We should have this message "Criterions not available" only when the criteria are empty
I'm not sure what is the exact behavior.
Ping @PrestaShop/product-team what do you think?

Thanks!

@clotairer
Contributor Author

I merged $this->validateComment($productComment) and $this->validateCriterions($criterions) to show all errors on the front at the same time (more friendly for the customer).
So if in the form (or a URL sent in GET) the name and criterions are empty, I choose to return both errors.

The case I have not covered is:

  • if someone "hacks" the HTML form and sends a request on an existing criterion that is not assigned to the category of your product, the hacker can "rate" on this criterion. It's not very useful but spam bots can do that...
  • I've added a @todo because this bug already existed previously (and worse, it didn't verify if the criterion exists!!!) but it's a big job to fix it.
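
An added example, not part of this pull request or of the module's code: one way to check the submitted criterion grades before anything is typed as an array or persisted, covering both the empty crawler request from the description and the unassigned-criterion case above. The function name, the 1 to 5 grade range, the allow-list parameter and every error string except "Criterions not available" are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: normalise the raw "criterion" request value into
 * [criterionId => grade] and collect validation errors.
 *
 * @param mixed $raw        value read from the request; false/null when absent
 * @param int[] $allowedIds criterion IDs valid for this product (assumed to be
 *                          looked up by the caller)
 * @return array [grades, errors]
 */
function validateCriterionGrades($raw, array $allowedIds, int $min = 1, int $max = 5): array
{
    // A crawler's GET request carries no criterion field, so $raw is not an array.
    if (!is_array($raw) || $raw === []) {
        return [[], ['Criterions not available']];
    }
    $grades = [];
    $errors = [];
    foreach ($raw as $id => $grade) {
        $id = filter_var($id, FILTER_VALIDATE_INT);
        $grade = filter_var($grade, FILTER_VALIDATE_INT);
        if ($id === false || !in_array($id, $allowedIds, true)) {
            $errors[] = 'Unknown criterion for this product';
            continue;
        }
        if ($grade === false || $grade < $min || $grade > $max) {
            $errors[] = "Grade for criterion $id is out of range";
            continue;
        }
        $grades[$id] = $grade;
    }
    return [$grades, $errors];
}

// Constructed sample inputs: absent field, tampered form, valid form.
$allowed = [1, 2];
$samples = [
    'empty GET request' => false,
    'tampered form'     => ['1' => '5', '99' => '5', '2' => '11'],
    'valid form'        => ['1' => '4', '2' => '5'],
];
foreach ($samples as $label => $raw) {
    [$grades, $errors] = validateCriterionGrades($raw, $allowed);
    // Persist only when every check passed, so a partly invalid request saves nothing.
    $status = $errors === [] ? 'save ' . json_encode($grades) : 'reject ' . json_encode($errors);
    echo $label . ': ' . $status . PHP_EOL;
}
```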

@khouloudbelguith khouloudbelguith left a comment

Hi @clotairer,

Thanks for your feedback.
I checked with @Progi1984, we confirm the JSON result.
I tested with 178x branch & develop branch => OK ✔️

Untitled_.Feb.9.2022.5_33.PM.mp4

We have four cases:

  1. Not connected + Allow guest reviews disabled
    => {"success":false,"error":"You need to be <a href=\"http:\/\/0.0.0.0:8081\/178x\/en\/my-account\">logged in<\/a> or <a href=\"http:\/\/0.0.0.0:8081\/178x\/en\/login?create_account=1\">create an account<\/a> to post your review."}
  2. Not connected + Allow guest reviews enabled
    => {"success":false,"errors":["Title cannot be empty","Customer name cannot be empty","Criterions not available"]}
  3. Connected
    => {"success":false,"errors":["Title cannot be empty","Criterions not available"]}
  4. When we add a review > Minimum time between 2 reviews from the same user
    => {"success":false,"error":"You are not allowed to post a review at the moment, please try again later."}

Thanks!

@Progi1984 Progi1984 added this to the 5.0.1 milestone Feb 9, 2022
@Progi1984 Progi1984 merged commit d72ad58 into PrestaShop:dev Feb 9, 2022
@Progi1984
Member

Thanks @clotairer & @khouloudbelguith

@clotairer clotairer deleted the patch-1 branch February 10, 2022 20:35
Successfully merging this pull request may close these issues.

Productcomments error 500 due to TypeError on addCommentGrades in case of empty request