authorJeremy Benoist <jeremy.benoist@gmail.com>2019-01-14 17:01:21 +0100
committerJeremy Benoist <jeremy.benoist@gmail.com>2019-01-14 17:01:21 +0100
commit78e3fafa3fab86638295fe1ee2a05a559bf56ab1 (patch)
tree904be517d033438c36b29d2b5c3227f630455b0a
parenta5e9a98aa3c67ac1ad1aff1a250ef8fdc3c24def (diff)
Avoid error when a bad `order` parameter is given
The only allowed values are asc & desc
-rw-r--r--src/Wallabag/ApiBundle/Controller/EntryRestController.php31
-rw-r--r--src/Wallabag/CoreBundle/Repository/EntryRepository.php6
-rw-r--r--tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php9
3 files changed, 32 insertions, 14 deletions
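--- a/src/Wallabag/ApiBundle/Controller/EntryRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
@@ -9,6 +9,7 @@ use Nelmio\ApiDocBundle\Annotation\ApiDoc;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Wallabag\CoreBundle\Entity\Entry;
@@ -98,24 +99,28 @@ class EntryRestController extends WallabagRestController
 $isArchived = (null === $request->query->get('archive')) ? null : (bool) $request->query->get('archive');
 $isStarred = (null === $request->query->get('starred')) ? null : (bool) $request->query->get('starred');
 $isPublic = (null === $request->query->get('public')) ? null : (bool) $request->query->get('public');
-$sort = $request->query->get('sort', 'created');
-$order = $request->query->get('order', 'desc');
+$sort = strtolower($request->query->get('sort', 'created'));
+$order = strtolower($request->query->get('order', 'desc'));
 $page = (int) $request->query->get('page', 1);
 $perPage = (int) $request->query->get('perPage', 30);
 $tags = \is_array($request->query->get('tags')) ? '' : (string) $request->query->get('tags', '');
 $since = $request->query->get('since', 0);
 
-/** @var \Pagerfanta\Pagerfanta $pager */
-$pager = $this->get('wallabag_core.entry_repository')->findEntries(
-$this->getUser()->getId(),
-$isArchived,
-$isStarred,
-$isPublic,
-$sort,
-$order,
-$since,
-$tags
-);
+try {
+/** @var \Pagerfanta\Pagerfanta $pager */
+$pager = $this->get('wallabag_core.entry_repository')->findEntries(
+$this->getUser()->getId(),
+$isArchived,
+$isStarred,
+$isPublic,
+$sort,
+$order,
+$since,
+$tags
+);
+} catch (\Exception $e) {
+throw new BadRequestHttpException($e->getMessage());
+}
 
 $pager->setMaxPerPage($perPage);
 $pager->setCurrentPage($page);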
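Review bot: The `catch (\Exception $e)` around findEntries() turns every exception raised while building the query, not just the bad-order one, into a 400 whose body is `$e->getMessage()`, so a driver or mapping failure inside the repository would be reported as a client error and its internal message returned to the API caller. Since the repository hunk in EntryRepository.php throws a bare `\Exception`, the narrowest fix is to throw a more specific type there (`throw new \InvalidArgumentException(...)`) and catch only that here, `} catch (\InvalidArgumentException $e) {`, letting anything else propagate as a 500. The new `strtolower()` calls on `sort` and `order` also receive the raw query value; the `tags` line two rows down guards against an array-typed parameter, and the same guard or a `(string)` cast is presumably needed for these two. The enclosing action starts and ends outside the hunk.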
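--- a/src/Wallabag/CoreBundle/Repository/EntryRepository.php
+++ b/src/Wallabag/CoreBundle/Repository/EntryRepository.php
@@ -142,7 +142,7 @@ class EntryRepository extends EntityRepository
 *
 * @return Pagerfanta
 */
-public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'ASC', $since = 0, $tags = '')
+public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'asc', $since = 0, $tags = '')
 {
 $qb = $this->createQueryBuilder('e')
 ->leftJoin('e.tags', 't')
@@ -185,6 +185,10 @@ class EntryRepository extends EntityRepository
 }
 }
 
+if (!\in_array(strtolower($order), ['asc', 'desc'], true)) {
+throw new \Exception('Order "' . $order . '" parameter is wrong, allowed: asc or desc');
+}
+
 if ('created' === $sort) {
 $qb->orderBy('e.id', $order);
 } elseif ('updated' === $sort) {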
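Review bot: The `$order` check is placed after the query builder has already been assembled, so invalid input is only rejected once the filtering work has been done; validating it as the first statement of findEntries(), next to the signature changed in the first hunk, makes the precondition visible and fails fast. The check also lower-cases `$order` for the comparison but then passes the original value to `orderBy()`, so a caller-supplied `DESC` passes validation while the docblock should state that only `asc`/`desc` (case-insensitive) are accepted, e.g. `@throws \InvalidArgumentException when $order is not asc or desc`. Throwing `\InvalidArgumentException` rather than a bare `\Exception` would also let the controller catch exactly this case instead of everything. The rest of findEntries() lies outside both hunks.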
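--- a/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php
@@ -242,6 +242,15 @@ class EntryRestControllerTest extends WallabagApiTestCase
 $this->assertSame(2, $content['limit']);
 }
 
+public function testGetStarredEntriesWithBadSort()
+{
+$this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated', 'order' => 'unknown']);
+
+$this->assertSame(400, $this->client->getResponse()->getStatusCode());
+
+$this->assertSame('application/json', $this->client->getResponse()->headers->get('Content-Type'));
+}
+
 public function testGetStarredEntries()
 {
 $this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated']);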
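Review bot: The new test is named `testGetStarredEntriesWithBadSort` but the request it sends uses a valid `sort` and an invalid `order`, so the name describes the wrong parameter; `public function testGetStarredEntriesWithBadOrder()` matches what is asserted. It would also be worth a companion request with `'order' => 'DESC'` asserting a 200, since the controller change lower-cases the value and that acceptance path is otherwise untested. The test checks only the status code and content type; asserting on the decoded error body would pin down what the client is told.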