korbit-ai[bot] commented on code in PR #33111:
URL: https://github.com/apache/superset/pull/33111#discussion_r2040754369
##########
superset-frontend/src/dashboard/actions/dashboardState.js:
##########
@@ -98,23 +98,25 @@ export function toggleFaveStar(isStarred) {
return { type: TOGGLE_FAVE_STAR, isStarred };
}
-export function fetchFaveStar(id) {
- return function fetchFaveStarThunk(dispatch) {
+export function fetchFavoriteStatus(dashboardId) {
+ return dispatch => {
return SupersetClient.get({
- endpoint: `/api/v1/dashboard/favorite_status/?q=${rison.encode([id])}`,
+ endpoint: `/api/v1/dashboard/${dashboardId}/favorite_status`,
})
.then(({ json }) => {
- dispatch(toggleFaveStar(!!json?.result?.[0]?.value));
+ dispatch({ type: FETCH_FAVORITE_STATUS_SUCCESS, isStarred:
json.is_starred });
})
- .catch(() =>
+ .catch(error => {
+ if (error.status === 404) {
+ return; // Silently ignore if dashboard is deleted
+ }
dispatch(
- addDangerToast(
t(
'There was an issue fetching the favorite status of this
dashboard.',
),
),
- ),
- );
+ );
+ });
};
}
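Review bot: The success handler at `isStarred: json.is_starred` drops the boolean coercion the removed line had (`!!json?.result?.[0]?.value`), so a missing or null field now lands in state as `undefined` rather than `false`; keep the contract with `isStarred: Boolean(json?.is_starred)`. The 404 branch in the catch returns without dispatching anything and is taken just as readily when the route itself is absent, which would hide a backend/frontend mismatch behind a silent no-op, so consider at least `logging.warn` (if `logging` from `@superset-ui/core` is imported here) or a comment stating that a 404 is assumed to mean a deleted dashboard; the check also presumes the rejection value carries a `status` property, which holds only if SupersetClient rejects with the Response object. The export is renamed from `fetchFaveStar` to `fetchFavoriteStatus` and now dispatches a new `FETCH_FAVORITE_STATUS_SUCCESS` type, but neither the call sites nor a reducer case for that type are in this hunk, so confirm both were updated and that `rison` is still used elsewhere in the file, otherwise its import is now dead. The same applies to the second quoted copy of this hunk below.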
Review Comment:
### Incorrect error dispatch syntax <sub></sub>
<details>
<summary>Tell me more</summary>
###### What is the issue?
The error handling code has incorrect syntax: dispatch() is called with a
translated string directly instead of an action creator.
###### Why this matters
This syntax error makes the code confusing to read and would cause runtime
errors since dispatch expects an action object, not a string.
###### Suggested change ∙ *Feature Preview*
```javascript
export function fetchFavoriteStatus(dashboardId) {
return dispatch => {
return SupersetClient.get({
endpoint: `/api/v1/dashboard/${dashboardId}/favorite_status`,
})
.then(({ json }) => {
dispatch({ type: FETCH_FAVORITE_STATUS_SUCCESS, isStarred:
json.is_starred });
})
.catch(error => {
if (error.status === 404) {
return; // Silently ignore if dashboard is deleted
}
dispatch(addDangerToast(
t('There was an issue fetching the favorite status of this
dashboard.')
));
});
};
}
```
</details>
##########
superset-frontend/src/dashboard/actions/dashboardState.js:
##########
@@ -98,23 +98,25 @@ export function toggleFaveStar(isStarred) {
return { type: TOGGLE_FAVE_STAR, isStarred };
}
-export function fetchFaveStar(id) {
- return function fetchFaveStarThunk(dispatch) {
+export function fetchFavoriteStatus(dashboardId) {
+ return dispatch => {
return SupersetClient.get({
- endpoint: `/api/v1/dashboard/favorite_status/?q=${rison.encode([id])}`,
+ endpoint: `/api/v1/dashboard/${dashboardId}/favorite_status`,
})
Review Comment:
### Unsanitized URL Parameter Interpolation <sub></sub>
<details>
<summary>Tell me more</summary>
###### What is the issue?
The dashboardId parameter is directly interpolated into the API endpoint URL
without any input validation or sanitization.
###### Why this matters
If dashboardId contains malicious characters, it could lead to path
traversal or URL manipulation that allows access to unauthorized resources.
###### Suggested change ∙ *Feature Preview*
```javascript
// Sanitize dashboardId before using in URL
const sanitizedId = encodeURIComponent(dashboardId);
endpoint: `/api/v1/dashboard/${sanitizedId}/favorite_status`,
```
</details>