From 420d9a2a654a6f345ce105b637fa280f5fc0b107 Mon Sep 17 00:00:00 2001
From: David Grudl
Date: Thu, 15 Oct 2020 20:28:31 +0200
Subject: [PATCH] RequestFactory: throws exception on invalid $_POST/$_COOKIE data
---
 src/Http/RequestFactory.php | 5 ++++-
 tests/Http/Request.invalidType.phpt | 34 +++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 tests/Http/Request.invalidType.phpt
diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php
index 76e057bc..71d8d161 100644
--- a/src/Http/RequestFactory.php
+++ b/src/Http/RequestFactory.php
@@ -163,8 +163,11 @@ private function getGetPostCookie(Url $url): array
 $list[$key][$k] = $v;
 $list[] = &$list[$key][$k];
- } else {
+ } elseif (is_string($v)) {
 $list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v);
+
+ } else {
+ throw new Nette\InvalidStateException(sprintf('Invalid value in $_POST/$_COOKIE in key %s, expected string, %s given.', "'$k'", gettype($v)));
 }
 }
 }
diff --git a/tests/Http/Request.invalidType.phpt b/tests/Http/Request.invalidType.phpt
new file mode 100644
index 00000000..0dd6d6e4
--- /dev/null
+++ b/tests/Http/Request.invalidType.phpt
@@ -0,0 +1,34 @@
+ 1,
+ ];
+
+ Assert::exception(function () {
+ (new Http\RequestFactory)->fromGlobals();
+ }, Nette\InvalidStateException::class, 'Invalid value in $_POST/$_COOKIE in key \'int\', expected string, integer given.');
+});
+
+
+test('invalid COOKIE', function () {
+ $_POST = [];
+ $_COOKIE = ['x' => [1]];
+
+ Assert::exception(function () {
+ (new Http\RequestFactory)->fromGlobals();
+ }, Nette\InvalidStateException::class, 'Invalid value in $_POST/$_COOKIE in key \'0\', expected string, integer given.');
+});
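Review bot: The new `else` branch in `getGetPostCookie()` copies the request-supplied key `$k` into the exception message verbatim (`"'$k'"`) and names neither the superglobal nor the parent key; the COOKIE test in this patch shows `$_COOKIE['x'][0]` reported only as key '0'. Whether keys are already limited to `self::CHARS` is decided above this hunk (the loop starts outside it), so the message should be treated as untrusted text wherever it is logged or rendered, and a comment on the throw would record that: `// $k is client-controlled: escape this message before logging or displaying it`. It is also worth confirming that a non-string leaf can only come from code that rewrote the superglobals; if any client-reachable path produces one, throwing `InvalidStateException` while the request is built turns malformed input into an unhandled error.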