CIWEMB-635: Fix membership form using wrong price set during submission#209
CIWEMB-635: Fix membership form using wrong price set during submission#209erawat merged 1 commit into5.75.0-patchesfrom
Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request addresses a critical bug in the membership creation process within the back-office form. Previously, when a non-quick-config price set was selected, the system would incorrectly revert to a default price set during submission, causing a database constraint violation due to missing membership_type_id. The changes ensure that the user's chosen price set is correctly identified and used, preventing these errors and improving the reliability of membership creation. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request aims to fix a bug where the wrong price set was being used on a membership form. The change adds a fallback to read the price set ID directly from the POST data. While the fix is logically correct, it introduces a direct access to the $_POST superglobal, which is a security concern and against best practices. My review includes a suggestion to use the framework's CRM_Utils_Request::retrieve utility instead, which is safer and more idiomatic for this codebase.
| if (!$this->_priceSetId && !empty($_POST['price_set_id'])) { | ||
| $this->_priceSetId = (int) $_POST['price_set_id']; | ||
| } |
There was a problem hiding this comment.
Directly accessing superglobals like $_POST is discouraged as it can bypass framework-level validation and sanitization, posing a potential security risk. It's better to use the framework's utilities for handling request data. In this case, CRM_Utils_Request::retrieve should be used to safely get the value from the POST data. This also avoids a potential bug with empty('0') evaluating to true, which could cause issues if a price set had an ID of 0.
if (!$this->_priceSetId) {
$this->_priceSetId = CRM_Utils_Request::retrieve('price_set_id', 'Integer', 'POST', FALSE);
}
…ons on membership form PR: civicrm#35145
erawat
force-pushed
the
CIWEMB-635-5.75.0-patch
branch
from
94c8ebc to
e5c7be8
Compare
2 participants
Summary
Patch for CIWEMB-635: Fixes DB constraint violation when creating membership via non-quick-config price set on the back-office membership form.
getPriceSetID()falls back to the default quick-config price set instead of the one selected by the user, causingmembership_type_idto be missing from the INSERT.Core PR: civicrm#35144
Patch commit