mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-10 19:43:16 +00:00
#fix 279 check params for controllers
This commit is contained in:
Nicolas Le Goff
@@ -321,7 +321,7 @@ return call_user_func(function()
|
|||||||
$var = array("app" => $client, "user" => $app['user'], "token" => $token);
|
$var = array("app" => $client, "user" => $app['user'], "token" => $token);
|
||||||
|
|
||||||
return $app['response']('api/auth/application_dev_show.twig', $var);
|
return $app['response']('api/auth/application_dev_show.twig', $var);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* revoke access from a user to the app
|
* revoke access from a user to the app
|
||||||
@@ -384,7 +384,7 @@ return call_user_func(function()
|
|||||||
, 200
|
, 200
|
||||||
, array("content-type" => "application/json")
|
, array("content-type" => "application/json")
|
||||||
);
|
);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
$route = "/applications/oauth_callback";
|
$route = "/applications/oauth_callback";
|
||||||
$app->post($route, function() use ($app)
|
$app->post($route, function() use ($app)
|
||||||
@@ -434,7 +434,7 @@ return call_user_func(function()
|
|||||||
, 200
|
, 200
|
||||||
, array("content-type" => "application/json")
|
, array("content-type" => "application/json")
|
||||||
);
|
);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
/**
|
/**
|
||||||
* *******************************************************************
|
* *******************************************************************
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -149,7 +149,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Removes a BasketElement
|
* Removes a BasketElement
|
||||||
@@ -190,7 +190,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+')->assert('basket_element_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Update name and description of a basket
|
* Update name and description of a basket
|
||||||
@@ -229,7 +229,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the form to update the Basket attributes (name and description)
|
* Get the form to update the Basket attributes (name and description)
|
||||||
@@ -251,7 +251,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
, array('basket' => $basket)
|
, array('basket' => $basket)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -276,7 +276,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
, array('basket' => $basket)
|
, array('basket' => $basket)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Toggle the status of a Basket
|
* Toggle the status of a Basket
|
||||||
@@ -325,7 +325,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add a BasketElement to a basket
|
* Add a BasketElement to a basket
|
||||||
@@ -393,7 +393,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@@ -456,7 +456,7 @@ class Basket implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get basket creation form
|
* Get basket creation form
|
||||||
|
|||||||
@@ -130,7 +130,7 @@ class Bridge implements ControllerProviderInterface
|
|||||||
$account->get_api()->get_connector()->disconnect();
|
$account->get_api()->get_connector()->disconnect();
|
||||||
|
|
||||||
return $app->redirect('/prod/bridge/adapter/' . $account_id . '/load-elements/' . $account->get_api()->get_connector()->get_default_element_type() . '/');
|
return $app->redirect('/prod/bridge/adapter/' . $account_id . '/load-elements/' . $account->get_api()->get_connector()->get_default_element_type() . '/');
|
||||||
});
|
})->assert('account_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->get('/adapter/{account_id}/load-records/'
|
$controllers->get('/adapter/{account_id}/load-records/'
|
||||||
|
|||||||
@@ -109,7 +109,7 @@ class Feed implements ControllerProviderInterface
|
|||||||
$datas = $twig->render('prod/actions/publish/publish_edit.html', array('entry' => $entry, 'feeds' => $feeds));
|
$datas = $twig->render('prod/actions/publish/publish_edit.html', array('entry' => $entry, 'feeds' => $feeds));
|
||||||
|
|
||||||
return new Response($datas);
|
return new Response($datas);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->post('/entry/{id}/update/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
$controllers->post('/entry/{id}/update/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
||||||
@@ -176,7 +176,7 @@ class Feed implements ControllerProviderInterface
|
|||||||
, 200
|
, 200
|
||||||
, array('Content-Type' => 'application/json')
|
, array('Content-Type' => 'application/json')
|
||||||
);
|
);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->post('/entry/{id}/delete/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
$controllers->post('/entry/{id}/delete/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
||||||
@@ -219,7 +219,7 @@ class Feed implements ControllerProviderInterface
|
|||||||
, 200
|
, 200
|
||||||
, array('Content-Type' => 'application/json')
|
, array('Content-Type' => 'application/json')
|
||||||
);
|
);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
//$app->post('/entry/{id}/addelement/', function($id) use ($app, $appbox, $twig)
|
//$app->post('/entry/{id}/addelement/', function($id) use ($app, $appbox, $twig)
|
||||||
// {
|
// {
|
||||||
@@ -275,7 +275,7 @@ class Feed implements ControllerProviderInterface
|
|||||||
$datas = $twig->render('prod/feeds/feeds.html', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page));
|
$datas = $twig->render('prod/feeds/feeds.html', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page));
|
||||||
|
|
||||||
return new Response($datas);
|
return new Response($datas);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->get('/subscribe/aggregated/', function(Application $app, Request $request) use ( $appbox, $twig)
|
$controllers->get('/subscribe/aggregated/', function(Application $app, Request $request) use ( $appbox, $twig)
|
||||||
@@ -326,7 +326,7 @@ class Feed implements ControllerProviderInterface
|
|||||||
, 200
|
, 200
|
||||||
, array('Content-Type' => 'application/json')
|
, array('Content-Type' => 'application/json')
|
||||||
);
|
);
|
||||||
});
|
})->assert('id', '\d+');
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -186,7 +186,7 @@ class Story implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
||||||
|
|
||||||
$controllers->post(
|
$controllers->post(
|
||||||
'/{sbas_id}/{record_id}/delete/{child_sbas_id}/{child_record_id}/'
|
'/{sbas_id}/{record_id}/delete/{child_sbas_id}/{child_record_id}/'
|
||||||
@@ -220,7 +220,12 @@ class Story implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})
|
||||||
|
->assert('sbas_id', '\d+')
|
||||||
|
->assert('record_id', '\d+')
|
||||||
|
->assert('child_sbas_id', '\d+')
|
||||||
|
->assert('child_record_id', '\d+');
|
||||||
|
|
||||||
// $controllers->post('/{basket_id}/delete/', function(Application $app, Request $request, $basket_id)
|
// $controllers->post('/{basket_id}/delete/', function(Application $app, Request $request, $basket_id)
|
||||||
// {
|
// {
|
||||||
// $em = $app['Core']->getEntityManager();
|
// $em = $app['Core']->getEntityManager();
|
||||||
|
|||||||
@@ -73,7 +73,7 @@ class Tooltip implements ControllerProviderInterface
|
|||||||
, array('user' => $user)
|
, array('user' => $user)
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
})->assert('usr_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->post('/preview/{sbas_id}/{record_id}/'
|
$controllers->post('/preview/{sbas_id}/{record_id}/'
|
||||||
|
|||||||
@@ -202,7 +202,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Update a list
|
* Update a list
|
||||||
@@ -254,7 +254,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Delete a list
|
* Delete a list
|
||||||
@@ -292,7 +292,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -336,7 +336,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+')->assert('entry_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds a usr_id to a list
|
* Adds a usr_id to a list
|
||||||
@@ -383,7 +383,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Share a list to a user with an optionnal role
|
* Share a list to a user with an optionnal role
|
||||||
@@ -459,7 +459,8 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* UnShare a list to a user
|
* UnShare a list to a user
|
||||||
*/
|
*/
|
||||||
@@ -504,7 +505,7 @@ class UsrLists implements ControllerProviderInterface
|
|||||||
|
|
||||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||||
}
|
}
|
||||||
);
|
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
|
|||||||
@@ -65,7 +65,6 @@ class WorkZone implements ControllerProviderInterface
|
|||||||
|
|
||||||
$controllers->get('/Browse/Search/', function(Application $app)
|
$controllers->get('/Browse/Search/', function(Application $app)
|
||||||
{
|
{
|
||||||
|
|
||||||
$user = $app['Core']->getAuthenticatedUser();
|
$user = $app['Core']->getAuthenticatedUser();
|
||||||
|
|
||||||
$request = $app['request'];
|
$request = $app['request'];
|
||||||
@@ -99,9 +98,9 @@ class WorkZone implements ControllerProviderInterface
|
|||||||
, 'Page' => $page
|
, 'Page' => $page
|
||||||
, 'MaxPage' => $maxPage
|
, 'MaxPage' => $maxPage
|
||||||
, 'Total' => $Baskets['count']
|
, 'Total' => $Baskets['count']
|
||||||
, 'Query' =>$request->get('Query')
|
, 'Query' => $request->get('Query')
|
||||||
, 'Year' =>$request->get('Year')
|
, 'Year' => $request->get('Year')
|
||||||
, 'Type' =>$request->get('Type')
|
, 'Type' => $request->get('Type')
|
||||||
);
|
);
|
||||||
|
|
||||||
return new Response($app['Core']->getTwig()->render('prod/WorkZone/Browser/Results.html.twig', $params));
|
return new Response($app['Core']->getTwig()->render('prod/WorkZone/Browser/Results.html.twig', $params));
|
||||||
@@ -116,18 +115,18 @@ class WorkZone implements ControllerProviderInterface
|
|||||||
->findUserBasket($basket_id, $app['Core']->getAuthenticatedUser());
|
->findUserBasket($basket_id, $app['Core']->getAuthenticatedUser());
|
||||||
|
|
||||||
$params = array(
|
$params = array(
|
||||||
'Basket'=>$basket
|
'Basket' => $basket
|
||||||
);
|
);
|
||||||
|
|
||||||
return new Response($app['Core']->getTwig()->render('prod/WorkZone/Browser/Basket.html.twig', $params));
|
return new Response($app['Core']->getTwig()->render('prod/WorkZone/Browser/Basket.html.twig', $params));
|
||||||
});
|
})->assert('basket_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
$controllers->post(
|
$controllers->post(
|
||||||
'/attachStories/'
|
'/attachStories/'
|
||||||
, function(Application $app, Request $request)
|
, function(Application $app, Request $request)
|
||||||
{
|
{
|
||||||
if(!$request->get('stories'))
|
if (!$request->get('stories'))
|
||||||
throw new \Exception_BadRequest();
|
throw new \Exception_BadRequest();
|
||||||
|
|
||||||
$user = $app['Core']->getAuthenticatedUser();
|
$user = $app['Core']->getAuthenticatedUser();
|
||||||
@@ -261,7 +260,7 @@ class WorkZone implements ControllerProviderInterface
|
|||||||
{
|
{
|
||||||
return new RedirectResponse('/');
|
return new RedirectResponse('/');
|
||||||
}
|
}
|
||||||
});
|
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
||||||
|
|
||||||
|
|
||||||
return $controllers;
|
return $controllers;
|
||||||
|
|||||||
@@ -154,7 +154,7 @@ class RSSFeeds implements ControllerProviderInterface
|
|||||||
$page = $page < 1 ? 1 : $page;
|
$page = $page < 1 ? 1 : $page;
|
||||||
|
|
||||||
return $display_feed($feed, $format, $page, $token->get_user());
|
return $display_feed($feed, $format, $page, $token->get_user());
|
||||||
})->assert('id', '\d+')->assert('format', '(rss|atom)');
|
})->assert('format', '(rss|atom)');
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user