Commit 2214ac40f896034d5986acc5b54db3076d5beaa5
1 parent
bafee7a0
- invalid get parameters
Showing
1 changed file
with
20 additions
and
1 deletions
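--- a/frontend/components/UrlManager.php
+++ b/frontend/components/UrlManager.php
@@ -5,6 +5,7 @@
 use artbox\core\models\Alias;
 use artbox\core\services\Languages;
 use yii\helpers\Json;
+use yii\web\NotFoundHttpException;
 use yii\web\Request;
 
 /**
@@ -42,6 +43,15 @@
 * @param \artbox\core\services\Languages $languages
 * @param array $config
 */
+
+public $params = [
+'id' => 'id',
+'page' => 'page',
+'per-page' => 'per_page',
+'book_id' => 'book_id',
+'q' => 'q',
+'tag' => 'tag',
+];
 public function __construct(Languages $languages, array $config = [])
 {
 $this->languages = $languages;
@@ -77,7 +87,7 @@
 ]
 )
 ->one();
-
+$this->invalidParams(\Yii::$app->request->queryParams);
 if ($alias !== null) {
 $params = Json::decode($alias->route);
 
@@ -185,4 +195,13 @@
 // ->send();
 // }
 }
+
+protected function invalidParams($requestParams){
+foreach ($requestParams as $key =>$param){
+
+if (!array_key_exists($key, $this->params)){
+throw new NotFoundHttpException();
+}
+}
+}
 }
\ No newline at end of file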
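Review bot: `invalidParams()` validates only the names of the query parameters, so the value of an allowed key is passed on unchecked, including an array where a scalar is expected; if none of the six listed parameters is meant to carry an array, the condition could be `if (!array_key_exists($key, $this->params) || !is_scalar($param)) {`. The call at new line 90 sits after the alias lookup's `->one()`, so a request that is about to be rejected still costs a query. The enclosing method starts outside the hunk, so this needs confirming, but the call could probably move above the lookup and read from the request object the method presumably receives instead of the global `\Yii::$app->request`. The new `$params` property is also inserted between the constructor's docblock and `__construct()`, so that docblock now attaches to the property. It should go above the docblock with its own comment, e.g. `/** @var array<string,string> allow-list of accepted GET parameter names; only the keys are checked */`.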