Sybille Peters is willing to take over LinkValidator.
The intention is to make the overall module easier to use, revise parts of the architecture (###MARKERS_YOU_KNOW###) and have it provide more value overall.
While digging through the code we found that it uses a serialised PHP array in its data storage.
We’d like to replace this with a JSON data structure.
Security is is most obvious benefit, being able to query and or update records directly is another one.
Impact
Manually inserting serialised arrays will no longer work.
Hooks for LinkValidator that insert data are out of luck.
Possible Migrations
Add a new field for url_response (like url_response_json). Upon data retrieval we could check if unserialize of url_response returns an array and if so, transfer the data over into the JSON field.
Pro
One place less that uses unserialize
One attack vector less
Con
Arguably breaking chance.
Remarks and notes
…
Organizational
Topic Initiator: Mathias Schreiber
Topic Mentor: Christian Kuhn
In the last days, I wrote the ppi_tvplus_linkvalidator plugin, so TV flexform can be searched. So I looked inside the code and yes, it is a little hell. JSON or serialized, I don’t mind, but I would like to have a better possibility as extension to add functionality to Link Validator. So I offer to help reviewing the patches.
And, I’m fine with breaking, as I didn’t found another TER extension which depends on LinkValidator.
Searching for links in Flexforms is something I didn’t think of yet, but I think it should be available.
Although I consider content (other than configuration) a no-go in flexforms people seem to actively use it.
I woud suggest getting together with Sybille once she has the basics of link-analysis down so flexform lookup of links becomes a first-class citizen of linkvalidator.
@opi99 About extensibility: the currently available hooks should definitely be preserved and possibly be extended. I think it might be a good idea, if you also comment the already existing issue (https://forge.typo3.org/issues/59502), I will be watching it closely.
The problem with linkvalidator is: It looks easy and straightforward at first, but it’s actually not. There are lots of things to consider and these are easily overlooked.
Having more people to review the patches and test would definitely be a huge help.