Anastasia / books

Commit 2214ac40f896034d5986acc5b54db3076d5beaa5

Authored by Anastasia
1 parent bafee7a0

- invalid get parameters

Showing 1 changed file with 20 additions and 1 deletions   Show diff stats
Inline Side-by-side
frontend/components/UrlManager.php
  Show/Hide comments   View file @2214ac4
@@ -5,6 +5,7 @@ @@ -5,6 +5,7 @@
5 use artbox\core\models\Alias; 5 use artbox\core\models\Alias;
6 use artbox\core\services\Languages; 6 use artbox\core\services\Languages;
7 use yii\helpers\Json; 7 use yii\helpers\Json;
  8 + use yii\web\NotFoundHttpException;
8 use yii\web\Request; 9 use yii\web\Request;
9 10
10 /** 11 /**
@@ -42,6 +43,15 @@ @@ -42,6 +43,15 @@
42 * @param \artbox\core\services\Languages $languages 43 * @param \artbox\core\services\Languages $languages
43 * @param array $config 44 * @param array $config
44 */ 45 */
  46 +
  47 + public $params = [
  48 + 'id' => 'id',
  49 + 'page' => 'page',
  50 + 'per-page' => 'per_page',
  51 + 'book_id' => 'book_id',
  52 + 'q' => 'q',
  53 + 'tag' => 'tag',
  54 + ];
45 public function __construct(Languages $languages, array $config = []) 55 public function __construct(Languages $languages, array $config = [])
46 { 56 {
47 $this->languages = $languages; 57 $this->languages = $languages;
@@ -77,7 +87,7 @@ @@ -77,7 +87,7 @@
77 ] 87 ]
78 ) 88 )
79 ->one(); 89 ->one();
80 - 90 + $this->invalidParams(\Yii::$app->request->queryParams);
81 if ($alias !== null) { 91 if ($alias !== null) {
82 $params = Json::decode($alias->route); 92 $params = Json::decode($alias->route);
83 93
@@ -185,4 +195,13 @@ @@ -185,4 +195,13 @@
185 // ->send(); 195 // ->send();
186 // } 196 // }
187 } 197 }
  198 +
  199 + protected function invalidParams($requestParams){
  200 + foreach ($requestParams as $key =>$param){
  201 +
  202 + if (!array_key_exists($key, $this->params)){
  203 + throw new NotFoundHttpException();
  204 + }
  205 + }
  206 + }
188 } 207 }
189 \ No newline at end of file 208 \ No newline at end of file