diff --git a/src/Wallabag/ApiBundle/Controller/EntryRestController.php b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
index 748e5b0cc..5199d1a1a 100644
--- a/src/Wallabag/ApiBundle/Controller/EntryRestController.php
+++ b/src/Wallabag/ApiBundle/Controller/EntryRestController.php
@@ -15,6 +15,7 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Validator\Validator\ValidatorInterface;
 use Wallabag\CoreBundle\Entity\Entry;
 use Wallabag\CoreBundle\Entity\Tag;
 use Wallabag\CoreBundle\Event\EntryDeletedEvent;
@@ -688,8 +689,15 @@ class EntryRestController extends WallabagRestController
 *
 * @return JsonResponse
 */
- public function postEntriesAction(Request $request, EntryRepository $entryRepository, ContentProxy $contentProxy, LoggerInterface $logger, TagsAssigner $tagsAssigner, EventDispatcherInterface $eventDispatcher)
- {
+ public function postEntriesAction(
+ Request $request,
+ EntryRepository $entryRepository,
+ ContentProxy $contentProxy,
+ LoggerInterface $logger,
+ TagsAssigner $tagsAssigner,
+ EventDispatcherInterface $eventDispatcher,
+ ValidatorInterface $validator
+ ) {
 $this->validateAuthentication();
 
 $url = $request->request->get('url');
@@ -760,6 +768,13 @@ class EntryRestController extends WallabagRestController
 $contentProxy->setDefaultEntryTitle($entry);
 }
 
+ $errors = $validator->validate($entry);
+ if (\count($errors) > 0) {
+ $errorsString = (string) $errors;
+
+ return $this->sendResponse($errorsString);
+ }
+
 $this->entityManager->persist($entry);
 $this->entityManager->flush();
 
diff --git a/src/Wallabag/CoreBundle/Controller/EntryController.php b/src/Wallabag/CoreBundle/Controller/EntryController.php
index 655217c95..a177911fa 100644
--- a/src/Wallabag/CoreBundle/Controller/EntryController.php
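Review bot: The validation failure branch in postEntriesAction answers through `sendResponse($errorsString)`, so a rejected URL comes back as HTTP 200 with a bare string, and an API client that only checks the status code will treat the entry as saved. BadRequestHttpException is already imported in this file, so the branch could be `throw new BadRequestHttpException((string) $errors);`, with testBadFormatURL in EntryRestControllerTest updated to expect 400 rather than the 200 it currently pins. The check also sits after `setDefaultEntryTitle()`, which suggests the content proxy has already been handed the URL earlier in the method (that part is outside the hunk); validating right after the URL is read would stop malformed input before any fetch is attempted. Casting the violation list to a string also puts the entity class name and property path into the response, so returning only each violation's message would expose less.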
+++ b/src/Wallabag/CoreBundle/Controller/EntryController.php
@@ -197,6 +197,8 @@ class EntryController extends AbstractController
 // entry saved, dispatch event about it!
 $this->eventDispatcher->dispatch(new EntrySavedEvent($entry), EntrySavedEvent::NAME);
 
+ return $this->redirect($this->generateUrl('homepage'));
+ } elseif ($form->isSubmitted() && !$form->isValid()) {
 return $this->redirect($this->generateUrl('homepage'));
 }
 
diff --git a/src/Wallabag/CoreBundle/Entity/Entry.php b/src/Wallabag/CoreBundle/Entity/Entry.php
index 5a00c0dbe..efbc0c1b6 100644
--- a/src/Wallabag/CoreBundle/Entity/Entry.php
+++ b/src/Wallabag/CoreBundle/Entity/Entry.php
@@ -78,6 +78,9 @@ class Entry
 * @var string
 *
 * @Assert\NotBlank()
+ * @Assert\Url(
+ * message = "The url '{{ value }}' is not a valid url",
+ * )
 * @ORM\Column(name="url", type="text", nullable=true)
 *
 * @Groups({"entries_for_user", "export_all"})
diff --git a/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php b/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php
index f2cd1f873..c484c4146 100644
--- a/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/EntryRestControllerTest.php
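Review bot: The new `elseif` branch in EntryController sends an invalid submission to the homepage without telling the user why nothing was saved. Judging by the assertions removed in the `-137,9` hunk of EntryControllerTest, the form used to be re-rendered with its errors, and that test now pins only the bare 302. Adding a flash before the redirect, for example `$this->addFlash('notice', '<translation key for the invalid-URL message>');`, would keep the rejection visible. Both branches now end in the same redirect, so a single `return` after the `if` would also be simpler. The surrounding action starts and ends outside the hunk.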
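Review bot: The custom message in Entry.php wraps `{{ value }}` in single quotes, but the validator already quotes string values, so the text comes out as `The url '"wallabagIsAwesome"' is not a valid url`, which is exactly what the new API test asserts. Dropping the extra quotes, `message = "The url {{ value }} is not a valid url",`, reads better. It would also help to state the accepted schemes explicitly with `protocols = {"http", "https"}`, so the intent is documented next to the column rather than left to the constraint's default. Note that this is a format check only: it says nothing about which hosts the application may later fetch from.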
@@ -509,6 +509,25 @@ class EntryRestControllerTest extends WallabagApiTestCase
 $this->assertSame(400, $this->client->getResponse()->getStatusCode());
 }
 
+ public function testBadFormatURL()
+ {
+ $this->client->request('POST', '/api/entries.json', [
+ 'url' => 'wallabagIsAwesome',
+ 'tags' => 'google',
+ 'title' => 'New title for my article',
+ 'content' => 'my content',
+ 'language' => 'de',
+ 'published_at' => '2016-09-08T11:55:58+0200',
+ 'authors' => 'bob,helen',
+ 'public' => 1,
+ ]);
+
+ $this->assertSame(200, $this->client->getResponse()->getStatusCode());
+
+ $content = json_decode($this->client->getResponse()->getContent(), true);
+ $this->assertStringContainsString('The url \'"wallabagIsAwesome"\' is not a valid url', $content);
+ }
+
 public function testPostEntry()
 {
 $this->client->request('POST', '/api/entries.json', [
diff --git a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
index a6e0f395b..5d804e598 100644
--- a/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
+++ b/tests/Wallabag/CoreBundle/Controller/EntryControllerTest.php
@@ -20,6 +20,7 @@ class EntryControllerTest extends WallabagCoreTestCase
 public const AN_URL_CONTAINING_AN_ARTICLE_WITH_IMAGE = 'https://www.lemonde.fr/judo/article/2017/11/11/judo-la-decima-de-teddy-riner_5213605_1556020.html';
 public $downloadImagesEnabled = false;
 public $url = 'https://www.lemonde.fr/pixels/article/2019/06/18/ce-qu-il-faut-savoir-sur-le-libra-la-cryptomonnaie-de-facebook_5477887_4408996.html';
+ public $wrongUrl = 'wallabagIsAwesome';
 private $entryDataTestAttribute = '[data-test="entry"]';
 
 /**
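Review bot: testBadFormatURL in EntryRestControllerTest checks only the response body, so it would still pass if the controller returned the error string and stored the entry anyway. An assertion that no entry exists for `wallabagIsAwesome` afterwards, along the lines of the `findByUrlAndUserId()` check in the web controller test of this commit, would pin the behaviour that actually matters for a rejected URL.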
@@ -137,9 +138,7 @@ class EntryControllerTest extends WallabagCoreTestCase
 
 $crawler = $client->submit($form);
 
- $this->assertSame(200, $client->getResponse()->getStatusCode());
- $this->assertCount(1, $alert = $crawler->filter('form ul li')->extract(['_text']));
- $this->assertSame('This value should not be blank.', $alert[0]);
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
 }
 
 /**
@@ -423,6 +422,38 @@ class EntryControllerTest extends WallabagCoreTestCase
 $em->flush();
 }
 
+ /**
+ * @group NetworkCalls
+ */
+ public function testBadFormatURL()
+ {
+ $this->logInAs('admin');
+ $client = $this->getTestClient();
+
+ $client->getContainer()->get(Config::class)->set('store_article_headers', 1);
+
+ $crawler = $client->request('GET', '/new');
+
+ $this->assertSame(200, $client->getResponse()->getStatusCode());
+
+ $form = $crawler->filter('form[name=entry]')->form();
+
+ $data = [
+ 'entry[url]' => $this->wrongUrl,
+ ];
+
+ $client->submit($form, $data);
+
+ $this->assertSame(302, $client->getResponse()->getStatusCode());
+
+ $content = $client->getContainer()
+ ->get(EntityManagerInterface::class)
+ ->getRepository(Entry::class)
+ ->findByUrlAndUserId($this->wrongUrl, $this->getLoggedInUserId());
+
+ $this->assertFalse($content);
+ }
+
 public function testArchive()
 {
 $this->logInAs('admin');
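Review bot: The `@group NetworkCalls` tag on the web testBadFormatURL looks unnecessary, since a URL that fails validation should never reach a fetch. If that group is excluded in some CI runs (not visible here), this regression test for the validation would be skipped along with it. The `store_article_headers` setting also appears unrelated to what is asserted and could probably be dropped. Asserting only the 302 and the missing row leaves the user-facing outcome of a rejected URL untested.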