What happened?
Description
Any GQL query with the string __schema or __type in it, even if as part of other field names or type names or argument names or literal values or even a comment, is currently a signal to Craft that it's an introspection query, and this affects the validation logic.
Steps to reproduce
- Put a breakpoint or log near https://github.com/craftcms/cms/blob/5.x/src/services/Gql.php#L505
- Run a query which has the string __schema or __type. It can be in a comment. Something as simple as:
query { entries(limit: 1) {
id # This is a comment. x__type__x
} }
Expected behavior
Not treated as an introspection query.
Actual behavior
Treated as an introspection query.
Commentary
I have no idea how serious an issue this is. It's just something I noticed while looking at internals to figure out how the surrounding events can be used.
It looks from getValidationRules like complexity and depth rules will be ignored if Craft thinks it's an introspection query, and I would venture a guess that this could potentially cause issues where those features are in use.
Craft CMS version
5.x (tip at time of writing is 3824371)
PHP version
No response
Operating system and version
No response
Database type and version
No response
Image driver and version
No response
Installed plugins and versions
No response
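The difference the report describes, as an added example that is not part of the original issue and not Craft's code: a substring check beside a token-aware check, run over constructed queries. The function names and the sample queries (including the `search` argument) are assumptions; the token scan is a heuristic, and inspecting field nodes in the parsed AST is the precise way to decide.

```php
<?php
declare(strict_types=1);

// Constructed model of the behaviour the report describes (not Craft's code):
// any occurrence of either substring marks the query as introspection.
function naiveIsIntrospection(string $query): bool
{
    return str_contains($query, '__schema') || str_contains($query, '__type');
}

// Token-aware heuristic: skip comments and string literals, then accept only a
// whole name token __schema or __type that is not followed by ":" (which would
// make it an alias, argument name or input object key).
function tokenAwareIsIntrospection(string $query): bool
{
    $pattern = '/#[^\n\r]*'                       // comment, to end of line
        . '|"""(?:\\\\"""|"(?!"")|[^"])*"""'      // block string
        . '|"(?:\\\\.|[^"\\\\\n\r])*"'            // quoted string
        . '|[$@]?[_A-Za-z][_0-9A-Za-z]*'          // name, $variable or @directive
        . '|[^\s,]/';                             // any other single character
    preg_match_all($pattern, $query, $matches);
    $tokens = $matches[0];
    foreach ($tokens as $i => $token) {
        $isMetaField = $token === '__schema' || $token === '__type';
        if ($isMetaField && ($tokens[$i + 1] ?? '') !== ':') {
            return true;
        }
    }
    return false;
}

// Constructed sample queries; the first is the one from the report.
$samples = [
    'comment'        => "query { entries(limit: 1) {\n  id # This is a comment. x__type__x\n} }",
    'string literal' => 'query { entries(search: "__schema") { id } }',
    'longer name'    => 'query { entries { __typename } }',
    'introspection'  => 'query { __schema { types { name } } }',
    'aliased'        => 'query { s: __schema { queryType { name } } }',
];

foreach ($samples as $label => $query) {
    printf("%-15s naive=%-5s token-aware=%s\n", $label,
        var_export(naiveIsIntrospection($query), true),
        var_export(tokenAwareIsIntrospection($query), true));
}
```

The two checks disagree on the first three samples and agree on the last two, so depth and complexity rules would stay in force for ordinary queries that only mention the strings.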