diff --git a/src/Http/RequestFactory.php b/src/Http/RequestFactory.php index ef792dd5..d680717e 100644 --- a/src/Http/RequestFactory.php +++ b/src/Http/RequestFactory.php @@ -163,8 +163,11 @@ private function getGetPostCookie(Url $url): array $list[$key][$k] = $v; $list[] = &$list[$key][$k]; - } else { + } elseif (is_string($v)) { $list[$key][$k] = (string) preg_replace('#[^' . self::CHARS . ']+#u', '', $v); + + } else { + throw new Nette\InvalidStateException(sprintf('Invalid value in $_POST/$_COOKIE in key %s, expected string, %s given.', "'$k'", gettype($v))); } } } diff --git a/tests/Http/Request.invalidType.phpt b/tests/Http/Request.invalidType.phpt new file mode 100644 index 00000000..0dd6d6e4 --- /dev/null +++ b/tests/Http/Request.invalidType.phpt @@ -0,0 +1,34 @@ + 1, + ]; + + Assert::exception(function () { + (new Http\RequestFactory)->fromGlobals(); + }, Nette\InvalidStateException::class, 'Invalid value in $_POST/$_COOKIE in key \'int\', expected string, integer given.'); +}); + + +test('invalid COOKIE', function () { + $_POST = []; + $_COOKIE = ['x' => [1]]; + + Assert::exception(function () { + (new Http\RequestFactory)->fromGlobals(); + }, Nette\InvalidStateException::class, 'Invalid value in $_POST/$_COOKIE in key \'0\', expected string, integer given.'); +});