-Bad get params 404 added

Alexey Boroda
1 parent d9cf0699
Showing 1 changed file with 20 additions and 4 deletions Show diff stats
components/LanguageUrlManager.php
@@ -2,23 +2,39 @@
     namespace artweb\artbox\language\components;
     use artweb\artbox\language\models\Language;
+    use yii\web\NotFoundHttpException;
     use yii\web\UrlManager;
     class LanguageUrlManager extends UrlManager
     {
+        /**
+         * @var array
+         */
+        public $badGetParams = [];
+        
+        public function parseRequest($request)
+        {
+            foreach ($request->get() as $param => $value) {
+                if (in_array($param, $this->badGetParams)) {
+                    throw new NotFoundHttpException();
+                }
+            }
+            
+            return parent::parseRequest($request);
+        }
         /**
          * @inheritdoc
          */
         public function createUrl($params)
         {
-            if(isset( $params[ 'language_id' ] )) {
+            if (isset($params[ 'language_id' ])) {
                 $language = Language::findOne($params[ 'language_id' ]);
-                if($language === NULL) {
+                if ($language === null) {
                     $language = Language::getDefaultLanguage();
                 }
-                unset( $params[ 'language_id' ] );
+                unset($params[ 'language_id' ]);
             } else {
                 $language = Language::getCurrent();
@@ -26,7 +42,7 @@
             $url = parent::createUrl($params);
-            if($url == '/') {
+            if ($url == '/') {
                 return '/' . $language->url;
             } else {
                 return '/' . $language->url . $url;