mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-10 19:43:16 +00:00
#fix 279 check params for controllers
This commit is contained in:
Nicolas Le Goff
@@ -321,7 +321,7 @@ return call_user_func(function()
|
||||
$var = array("app" => $client, "user" => $app['user'], "token" => $token);
|
||||
|
||||
return $app['response']('api/auth/application_dev_show.twig', $var);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
/**
|
||||
* revoke access from a user to the app
|
||||
@@ -384,7 +384,7 @@ return call_user_func(function()
|
||||
, 200
|
||||
, array("content-type" => "application/json")
|
||||
);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
$route = "/applications/oauth_callback";
|
||||
$app->post($route, function() use ($app)
|
||||
@@ -434,7 +434,7 @@ return call_user_func(function()
|
||||
, 200
|
||||
, array("content-type" => "application/json")
|
||||
);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
/**
|
||||
* *******************************************************************
|
||||
*
|
||||
|
||||
@@ -149,7 +149,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
/**
|
||||
* Removes a BasketElement
|
||||
@@ -190,7 +190,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+')->assert('basket_element_id', '\d+');
|
||||
|
||||
/**
|
||||
* Update name and description of a basket
|
||||
@@ -229,7 +229,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
/**
|
||||
* Get the form to update the Basket attributes (name and description)
|
||||
@@ -251,7 +251,7 @@ class Basket implements ControllerProviderInterface
|
||||
, array('basket' => $basket)
|
||||
)
|
||||
);
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
|
||||
/**
|
||||
@@ -276,7 +276,7 @@ class Basket implements ControllerProviderInterface
|
||||
, array('basket' => $basket)
|
||||
)
|
||||
);
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
/**
|
||||
* Toggle the status of a Basket
|
||||
@@ -325,7 +325,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
/**
|
||||
* Add a BasketElement to a basket
|
||||
@@ -393,7 +393,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
|
||||
|
||||
@@ -456,7 +456,7 @@ class Basket implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
/**
|
||||
* Get basket creation form
|
||||
|
||||
@@ -130,7 +130,7 @@ class Bridge implements ControllerProviderInterface
|
||||
$account->get_api()->get_connector()->disconnect();
|
||||
|
||||
return $app->redirect('/prod/bridge/adapter/' . $account_id . '/load-elements/' . $account->get_api()->get_connector()->get_default_element_type() . '/');
|
||||
});
|
||||
})->assert('account_id', '\d+');
|
||||
|
||||
|
||||
$controllers->get('/adapter/{account_id}/load-records/'
|
||||
|
||||
@@ -109,7 +109,7 @@ class Feed implements ControllerProviderInterface
|
||||
$datas = $twig->render('prod/actions/publish/publish_edit.html', array('entry' => $entry, 'feeds' => $feeds));
|
||||
|
||||
return new Response($datas);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
|
||||
$controllers->post('/entry/{id}/update/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
||||
@@ -176,7 +176,7 @@ class Feed implements ControllerProviderInterface
|
||||
, 200
|
||||
, array('Content-Type' => 'application/json')
|
||||
);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
|
||||
$controllers->post('/entry/{id}/delete/', function(Application $app, Request $request, $id) use ($appbox, $twig)
|
||||
@@ -219,7 +219,7 @@ class Feed implements ControllerProviderInterface
|
||||
, 200
|
||||
, array('Content-Type' => 'application/json')
|
||||
);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
//$app->post('/entry/{id}/addelement/', function($id) use ($app, $appbox, $twig)
|
||||
// {
|
||||
@@ -275,7 +275,7 @@ class Feed implements ControllerProviderInterface
|
||||
$datas = $twig->render('prod/feeds/feeds.html', array('feed' => $feed, 'feeds' => $feeds, 'page' => $page));
|
||||
|
||||
return new Response($datas);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
|
||||
$controllers->get('/subscribe/aggregated/', function(Application $app, Request $request) use ( $appbox, $twig)
|
||||
@@ -326,7 +326,7 @@ class Feed implements ControllerProviderInterface
|
||||
, 200
|
||||
, array('Content-Type' => 'application/json')
|
||||
);
|
||||
});
|
||||
})->assert('id', '\d+');
|
||||
|
||||
return $controllers;
|
||||
}
|
||||
|
||||
@@ -186,7 +186,7 @@ class Story implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
||||
|
||||
$controllers->post(
|
||||
'/{sbas_id}/{record_id}/delete/{child_sbas_id}/{child_record_id}/'
|
||||
@@ -220,7 +220,12 @@ class Story implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})
|
||||
->assert('sbas_id', '\d+')
|
||||
->assert('record_id', '\d+')
|
||||
->assert('child_sbas_id', '\d+')
|
||||
->assert('child_record_id', '\d+');
|
||||
|
||||
// $controllers->post('/{basket_id}/delete/', function(Application $app, Request $request, $basket_id)
|
||||
// {
|
||||
// $em = $app['Core']->getEntityManager();
|
||||
|
||||
@@ -73,7 +73,7 @@ class Tooltip implements ControllerProviderInterface
|
||||
, array('user' => $user)
|
||||
)
|
||||
);
|
||||
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
||||
})->assert('usr_id', '\d+');
|
||||
|
||||
|
||||
$controllers->post('/preview/{sbas_id}/{record_id}/'
|
||||
|
||||
@@ -202,7 +202,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+');
|
||||
|
||||
/**
|
||||
* Update a list
|
||||
@@ -254,7 +254,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+');
|
||||
|
||||
/**
|
||||
* Delete a list
|
||||
@@ -292,7 +292,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+');
|
||||
|
||||
|
||||
/**
|
||||
@@ -336,7 +336,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+')->assert('entry_id', '\d+');
|
||||
|
||||
/**
|
||||
* Adds a usr_id to a list
|
||||
@@ -383,7 +383,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||
|
||||
/**
|
||||
* Share a list to a user with an optionnal role
|
||||
@@ -459,7 +459,8 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||
|
||||
/**
|
||||
* UnShare a list to a user
|
||||
*/
|
||||
@@ -504,7 +505,7 @@ class UsrLists implements ControllerProviderInterface
|
||||
|
||||
return new Response($Json, 200, array('Content-Type' => 'application/json'));
|
||||
}
|
||||
);
|
||||
)->assert('list_id', '\d+')->assert('usr_id', '\d+');
|
||||
|
||||
|
||||
return $controllers;
|
||||
|
||||
@@ -65,7 +65,6 @@ class WorkZone implements ControllerProviderInterface
|
||||
|
||||
$controllers->get('/Browse/Search/', function(Application $app)
|
||||
{
|
||||
|
||||
$user = $app['Core']->getAuthenticatedUser();
|
||||
|
||||
$request = $app['request'];
|
||||
@@ -120,7 +119,7 @@ class WorkZone implements ControllerProviderInterface
|
||||
);
|
||||
|
||||
return new Response($app['Core']->getTwig()->render('prod/WorkZone/Browser/Basket.html.twig', $params));
|
||||
});
|
||||
})->assert('basket_id', '\d+');
|
||||
|
||||
|
||||
$controllers->post(
|
||||
@@ -261,7 +260,7 @@ class WorkZone implements ControllerProviderInterface
|
||||
{
|
||||
return new RedirectResponse('/');
|
||||
}
|
||||
});
|
||||
})->assert('sbas_id', '\d+')->assert('record_id', '\d+');
|
||||
|
||||
|
||||
return $controllers;
|
||||
|
||||
@@ -154,7 +154,7 @@ class RSSFeeds implements ControllerProviderInterface
|
||||
$page = $page < 1 ? 1 : $page;
|
||||
|
||||
return $display_feed($feed, $format, $page, $token->get_user());
|
||||
})->assert('id', '\d+')->assert('format', '(rss|atom)');
|
||||
})->assert('format', '(rss|atom)');
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user