mirror of
https://github.com/wallabag/wallabag.git
Avoid error when a bad order
parameter is given
The only allowed values are asc & desc
parent
a5e9a98aa3
commit
78e3fafa3f
3 changed files with 32 additions and 14 deletions
|
@ -9,6 +9,7 @@ use Nelmio\ApiDocBundle\Annotation\ApiDoc;
|
||||||
use Symfony\Component\HttpFoundation\JsonResponse;
|
use Symfony\Component\HttpFoundation\JsonResponse;
|
||||||
use Symfony\Component\HttpFoundation\Request;
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||||
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
|
||||||
use Wallabag\CoreBundle\Entity\Entry;
|
use Wallabag\CoreBundle\Entity\Entry;
|
||||||
|
@ -98,24 +99,28 @@ class EntryRestController extends WallabagRestController
|
||||||
$isArchived = (null === $request->query->get('archive')) ? null : (bool) $request->query->get('archive');
|
$isArchived = (null === $request->query->get('archive')) ? null : (bool) $request->query->get('archive');
|
||||||
$isStarred = (null === $request->query->get('starred')) ? null : (bool) $request->query->get('starred');
|
$isStarred = (null === $request->query->get('starred')) ? null : (bool) $request->query->get('starred');
|
||||||
$isPublic = (null === $request->query->get('public')) ? null : (bool) $request->query->get('public');
|
$isPublic = (null === $request->query->get('public')) ? null : (bool) $request->query->get('public');
|
||||||
$sort = $request->query->get('sort', 'created');
|
$sort = strtolower($request->query->get('sort', 'created'));
|
||||||
$order = $request->query->get('order', 'desc');
|
$order = strtolower($request->query->get('order', 'desc'));
|
||||||
$page = (int) $request->query->get('page', 1);
|
$page = (int) $request->query->get('page', 1);
|
||||||
$perPage = (int) $request->query->get('perPage', 30);
|
$perPage = (int) $request->query->get('perPage', 30);
|
||||||
$tags = \is_array($request->query->get('tags')) ? '' : (string) $request->query->get('tags', '');
|
$tags = \is_array($request->query->get('tags')) ? '' : (string) $request->query->get('tags', '');
|
||||||
$since = $request->query->get('since', 0);
|
$since = $request->query->get('since', 0);
|
||||||
|
|
||||||
/** @var \Pagerfanta\Pagerfanta $pager */
|
try {
|
||||||
$pager = $this->get('wallabag_core.entry_repository')->findEntries(
|
/** @var \Pagerfanta\Pagerfanta $pager */
|
||||||
$this->getUser()->getId(),
|
$pager = $this->get('wallabag_core.entry_repository')->findEntries(
|
||||||
$isArchived,
|
$this->getUser()->getId(),
|
||||||
$isStarred,
|
$isArchived,
|
||||||
$isPublic,
|
$isStarred,
|
||||||
$sort,
|
$isPublic,
|
||||||
$order,
|
$sort,
|
||||||
$since,
|
$order,
|
||||||
$tags
|
$since,
|
||||||
);
|
$tags
|
||||||
|
);
|
||||||
|
} catch (\Exception $e) {
|
||||||
|
throw new BadRequestHttpException($e->getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
$pager->setMaxPerPage($perPage);
|
$pager->setMaxPerPage($perPage);
|
||||||
$pager->setCurrentPage($page);
|
$pager->setCurrentPage($page);
|
||||||
|
|
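Review bot: The new `catch (\Exception $e)` around `findEntries()` turns every failure into a 400 and copies `$e->getMessage()` into the API response, so a database or Doctrine error raised by the same call would be reported as a client error with its internal message exposed. Catch only the validation failure, for example `} catch (\InvalidArgumentException $e) {` once the repository throws that type, and let anything else surface as a server error with a generic body. The enclosing action starts and ends outside this hunk, so whether other code in it relies on the broad catch is not visible here.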
|
@ -142,7 +142,7 @@ class EntryRepository extends EntityRepository
|
||||||
*
|
*
|
||||||
* @return Pagerfanta
|
* @return Pagerfanta
|
||||||
*/
|
*/
|
||||||
public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'ASC', $since = 0, $tags = '')
|
public function findEntries($userId, $isArchived = null, $isStarred = null, $isPublic = null, $sort = 'created', $order = 'asc', $since = 0, $tags = '')
|
||||||
{
|
{
|
||||||
$qb = $this->createQueryBuilder('e')
|
$qb = $this->createQueryBuilder('e')
|
||||||
->leftJoin('e.tags', 't')
|
->leftJoin('e.tags', 't')
|
||||||
|
@ -185,6 +185,10 @@ class EntryRepository extends EntityRepository
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!\in_array(strtolower($order), ['asc', 'desc'], true)) {
|
||||||
|
throw new \Exception('Order "' . $order . '" parameter is wrong, allowed: asc or desc');
|
||||||
|
}
|
||||||
|
|
||||||
if ('created' === $sort) {
|
if ('created' === $sort) {
|
||||||
$qb->orderBy('e.id', $order);
|
$qb->orderBy('e.id', $order);
|
||||||
} elseif ('updated' === $sort) {
|
} elseif ('updated' === $sort) {
|
||||||
|
|
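Review bot: The guard added before the `orderBy` calls throws a bare `\Exception`, which gives callers nothing narrower to catch than every exception, and the docblock ending in `@return Pagerfanta` does not declare it. Throwing `\InvalidArgumentException` with the same message and adding `@throws \InvalidArgumentException when $order is neither asc nor desc` to the docblock would make the contract explicit. The message also embeds the caller-supplied `$order` verbatim, so whatever renders it should treat it as untrusted text. The body of `findEntries` continues outside the visible hunks.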
|
@ -242,6 +242,15 @@ class EntryRestControllerTest extends WallabagApiTestCase
|
||||||
$this->assertSame(2, $content['limit']);
|
$this->assertSame(2, $content['limit']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGetStarredEntriesWithBadSort()
|
||||||
|
{
|
||||||
|
$this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated', 'order' => 'unknown']);
|
||||||
|
|
||||||
|
$this->assertSame(400, $this->client->getResponse()->getStatusCode());
|
||||||
|
|
||||||
|
$this->assertSame('application/json', $this->client->getResponse()->headers->get('Content-Type'));
|
||||||
|
}
|
||||||
|
|
||||||
public function testGetStarredEntries()
|
public function testGetStarredEntries()
|
||||||
{
|
{
|
||||||
$this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated']);
|
$this->client->request('GET', '/api/entries', ['starred' => 1, 'sort' => 'updated']);
|
||||||
|
|
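Review bot: `testGetStarredEntriesWithBadSort` passes a valid `sort` and an invalid `order`, so the name should read `testGetStarredEntriesWithBadOrder`. The test pins only the status code and content type; also asserting on the JSON error body would guard against the response later picking up internal exception detail. A companion case with `'order' => 'DESC'` would cover the case-insensitive path that the `strtolower()` calls in this commit introduce.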