Merge pull request #6905 from firefly-iii/fix-validation
Catch various validation errors
This commit is contained in:
commit
afca023767
@ -31,10 +31,12 @@ use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
|||||||
use Illuminate\Foundation\Bus\DispatchesJobs;
|
use Illuminate\Foundation\Bus\DispatchesJobs;
|
||||||
use Illuminate\Foundation\Validation\ValidatesRequests;
|
use Illuminate\Foundation\Validation\ValidatesRequests;
|
||||||
use Illuminate\Routing\Controller as BaseController;
|
use Illuminate\Routing\Controller as BaseController;
|
||||||
|
use Illuminate\Support\Facades\Log;
|
||||||
use League\Fractal\Manager;
|
use League\Fractal\Manager;
|
||||||
use League\Fractal\Serializer\JsonApiSerializer;
|
use League\Fractal\Serializer\JsonApiSerializer;
|
||||||
use Psr\Container\ContainerExceptionInterface;
|
use Psr\Container\ContainerExceptionInterface;
|
||||||
use Psr\Container\NotFoundExceptionInterface;
|
use Psr\Container\NotFoundExceptionInterface;
|
||||||
|
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
|
||||||
use Symfony\Component\HttpFoundation\ParameterBag;
|
use Symfony\Component\HttpFoundation\ParameterBag;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -95,7 +97,13 @@ abstract class Controller extends BaseController
|
|||||||
// some date fields:
|
// some date fields:
|
||||||
$dates = ['start', 'end', 'date'];
|
$dates = ['start', 'end', 'date'];
|
||||||
foreach ($dates as $field) {
|
foreach ($dates as $field) {
|
||||||
$date = request()->query->get($field);
|
try {
|
||||||
|
$date = request()->query->get($field);
|
||||||
|
} catch(BadRequestException $e) {
|
||||||
|
Log::error(sprintf('Request field "%s" contains a non-scalar value. Value set to NULL.', $field));
|
||||||
|
Log::error($e->getMessage());
|
||||||
|
$value = null;
|
||||||
|
}
|
||||||
$obj = null;
|
$obj = null;
|
||||||
if (null !== $date) {
|
if (null !== $date) {
|
||||||
try {
|
try {
|
||||||
@ -111,7 +119,13 @@ abstract class Controller extends BaseController
|
|||||||
// integer fields:
|
// integer fields:
|
||||||
$integers = ['limit'];
|
$integers = ['limit'];
|
||||||
foreach ($integers as $integer) {
|
foreach ($integers as $integer) {
|
||||||
$value = request()->query->get($integer);
|
try {
|
||||||
|
$value = request()->query->get($integer);
|
||||||
|
} catch(BadRequestException $e) {
|
||||||
|
Log::error(sprintf('Request field "%s" contains a non-scalar value. Value set to NULL.', $integer));
|
||||||
|
Log::error($e->getMessage());
|
||||||
|
$value = null;
|
||||||
|
}
|
||||||
if (null !== $value) {
|
if (null !== $value) {
|
||||||
$bag->set($integer, (int)$value);
|
$bag->set($integer, (int)$value);
|
||||||
}
|
}
|
||||||
@ -129,7 +143,13 @@ abstract class Controller extends BaseController
|
|||||||
private function getSortParameters(ParameterBag $bag): ParameterBag
|
private function getSortParameters(ParameterBag $bag): ParameterBag
|
||||||
{
|
{
|
||||||
$sortParameters = [];
|
$sortParameters = [];
|
||||||
$param = (string)request()->query->get('sort');
|
try {
|
||||||
|
$param = (string)request()->query->get('sort');
|
||||||
|
} catch(BadRequestException $e) {
|
||||||
|
Log::error('Request field "sort" contains a non-scalar value. Value set to NULL.');
|
||||||
|
Log::error($e->getMessage());
|
||||||
|
$param = '';
|
||||||
|
}
|
||||||
if ('' === $param) {
|
if ('' === $param) {
|
||||||
return $bag;
|
return $bag;
|
||||||
}
|
}
|
||||||
|
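Review bot: In the date-loop catch block the fallback assigns `$value = null;`, but the variable read afterwards is `$date` (the `if (null !== $date)` a few lines below), so when a client sends a non-scalar value such as `?start[]=x` the `BadRequestException` is caught yet `$date` is never assigned and PHP 8 emits an "Undefined variable $date" warning before the null check happens to pass; the line should read `$date = null;`. The integer and sort hunks assign the correct variable, so only this hunk is affected. Both `Log::error` calls fire on a condition any request can trigger, so `Log::warning` would keep the error log from being trivially spammable, and the sort catch sets `$param = ''` while its message says "Value set to NULL". The enclosing methods start and end outside these hunks.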
@ -32,6 +32,7 @@ use Illuminate\Database\Eloquent\Model;
|
|||||||
use Illuminate\Pagination\LengthAwarePaginator;
|
use Illuminate\Pagination\LengthAwarePaginator;
|
||||||
use Illuminate\Routing\Controller as BaseController;
|
use Illuminate\Routing\Controller as BaseController;
|
||||||
use Illuminate\Support\Collection;
|
use Illuminate\Support\Collection;
|
||||||
|
use Illuminate\Support\Facades\Log;
|
||||||
use League\Fractal\Manager;
|
use League\Fractal\Manager;
|
||||||
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
|
use League\Fractal\Pagination\IlluminatePaginatorAdapter;
|
||||||
use League\Fractal\Resource\Collection as FractalCollection;
|
use League\Fractal\Resource\Collection as FractalCollection;
|
||||||
@ -39,6 +40,7 @@ use League\Fractal\Resource\Item;
|
|||||||
use League\Fractal\Serializer\JsonApiSerializer;
|
use League\Fractal\Serializer\JsonApiSerializer;
|
||||||
use Psr\Container\ContainerExceptionInterface;
|
use Psr\Container\ContainerExceptionInterface;
|
||||||
use Psr\Container\NotFoundExceptionInterface;
|
use Psr\Container\NotFoundExceptionInterface;
|
||||||
|
use Symfony\Component\HttpFoundation\Exception\BadRequestException;
|
||||||
use Symfony\Component\HttpFoundation\ParameterBag;
|
use Symfony\Component\HttpFoundation\ParameterBag;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -90,7 +92,13 @@ class Controller extends BaseController
|
|||||||
|
|
||||||
// some date fields:
|
// some date fields:
|
||||||
foreach ($dates as $field) {
|
foreach ($dates as $field) {
|
||||||
$date = request()->query->get($field);
|
try {
|
||||||
|
$date = request()->query->get($field);
|
||||||
|
} catch(BadRequestException $e) {
|
||||||
|
Log::error(sprintf('Request field "%s" contains a non-scalar value. Value set to NULL.', $field));
|
||||||
|
Log::error($e->getMessage());
|
||||||
|
$value = null;
|
||||||
|
}
|
||||||
$obj = null;
|
$obj = null;
|
||||||
if (null !== $date) {
|
if (null !== $date) {
|
||||||
try {
|
try {
|
||||||
@ -105,7 +113,13 @@ class Controller extends BaseController
|
|||||||
|
|
||||||
// integer fields:
|
// integer fields:
|
||||||
foreach ($integers as $integer) {
|
foreach ($integers as $integer) {
|
||||||
$value = request()->query->get($integer);
|
try {
|
||||||
|
$value = request()->query->get($integer);
|
||||||
|
} catch(BadRequestException $e) {
|
||||||
|
Log::error(sprintf('Request field "%s" contains a non-scalar value. Value set to NULL.', $integer));
|
||||||
|
Log::error($e->getMessage());
|
||||||
|
$value = null;
|
||||||
|
}
|
||||||
if (null !== $value) {
|
if (null !== $value) {
|
||||||
$bag->set($integer, (int)$value);
|
$bag->set($integer, (int)$value);
|
||||||
}
|
}
|
||||||
|
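Review bot: The date-loop catch block here has the same slip as the v1 controller: it assigns `$value = null;` while the subsequent `if (null !== $date)` reads `$date`, so a non-scalar `start`/`end`/`date` query value leaves `$date` unassigned and triggers an "Undefined variable" warning; the fallback should be `$date = null;`. The integer-loop catch in the next hunk assigns the right variable. As in v1, these log lines are reachable by any client, so `Log::warning` may be a better level than `Log::error`. The enclosing method starts and ends outside the hunks.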
@ -106,7 +106,11 @@ class SearchController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function search(Request $request, SearchInterface $searcher): JsonResponse
|
public function search(Request $request, SearchInterface $searcher): JsonResponse
|
||||||
{
|
{
|
||||||
$fullQuery = (string)$request->get('query');
|
$entry = $request->get('query');
|
||||||
|
if (!is_scalar($entry)) {
|
||||||
|
$entry = '';
|
||||||
|
}
|
||||||
|
$fullQuery = (string)$entry;
|
||||||
$page = 0 === (int)$request->get('page') ? 1 : (int)$request->get('page');
|
$page = 0 === (int)$request->get('page') ? 1 : (int)$request->get('page');
|
||||||
|
|
||||||
$searcher->parseQuery($fullQuery);
|
$searcher->parseQuery($fullQuery);
|
||||||
|
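Review bot: The `is_scalar` guard added for `query` is not applied to `page` on the following line, which still passes `$request->get('page')` straight to `(int)`; a request carrying `page[]=1` is cast silently to 1 instead of being rejected, and the parameter is fetched twice. Reading it once and clamping is safer: `$pageEntry = $request->get('page');` followed by `$page = is_scalar($pageEntry) ? max(1, (int)$pageEntry) : 1;`. Whether the paginator downstream tolerates a negative page I cannot tell from here, so the `max(1, …)` is a cheap guard the original ternary (which only maps 0 to 1) does not provide. The method continues past the hunk.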
@ -215,7 +215,12 @@ class ReportFormRequest extends FormRequest
|
|||||||
$repository = app(TagRepositoryInterface::class);
|
$repository = app(TagRepositoryInterface::class);
|
||||||
$set = $this->get('tag');
|
$set = $this->get('tag');
|
||||||
$collection = new Collection();
|
$collection = new Collection();
|
||||||
Log::debug('Set is:', $set ?? []);
|
if (is_array($set)) {
|
||||||
|
Log::debug('Set is:', $set);
|
||||||
|
}
|
||||||
|
if (!is_array($set)) {
|
||||||
|
Log::error(sprintf('Set is not an array! "%s"', $set));
|
||||||
|
}
|
||||||
if (is_array($set)) {
|
if (is_array($set)) {
|
||||||
foreach ($set as $tagTag) {
|
foreach ($set as $tagTag) {
|
||||||
Log::debug(sprintf('Now searching for "%s"', $tagTag));
|
Log::debug(sprintf('Now searching for "%s"', $tagTag));
|
||||||
|
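Review bot: The two new guards and the pre-existing `if (is_array($set))` directly below test the same condition three times in succession; a single `if (!is_array($set)) { Log::error(...); } else { Log::debug('Set is:', $set); foreach (...) }` keeps the two branches adjacent and avoids re-evaluating the check. The new error message interpolates the raw request value with `%s`; since `tag` is user-controlled, logging `json_encode($set)` or a length-capped form keeps the log line shape predictable — whether the configured log formatter strips control characters I cannot tell from here. The method continues past the hunk.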
@ -142,7 +142,7 @@ class RemoteUserGuard implements Guard
|
|||||||
{
|
{
|
||||||
Log::debug(sprintf('Now at %s', __METHOD__));
|
Log::debug(sprintf('Now at %s', __METHOD__));
|
||||||
$user = $this->user;
|
$user = $this->user;
|
||||||
if(null === $user) {
|
if (null === $user) {
|
||||||
Log::debug('User is NULL');
|
Log::debug('User is NULL');
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -46,10 +46,11 @@ trait ConvertsDataTypes
|
|||||||
* Abstract method that always exists in the Request classes that use this
|
* Abstract method that always exists in the Request classes that use this
|
||||||
* trait, OR a stub needs to be added by any other class that uses this train.
|
* trait, OR a stub needs to be added by any other class that uses this train.
|
||||||
*
|
*
|
||||||
* @param mixed $key
|
* @param mixed $key
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
abstract public function has($key);
|
abstract public function has($key);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return integer value.
|
* Return integer value.
|
||||||
*
|
*
|
||||||
@ -71,7 +72,11 @@ trait ConvertsDataTypes
|
|||||||
*/
|
*/
|
||||||
public function convertString(string $field): string
|
public function convertString(string $field): string
|
||||||
{
|
{
|
||||||
return $this->clearString((string)($this->get($field) ?? ''), false);
|
$entry = $this->get($field);
|
||||||
|
if (!is_scalar($entry)) {
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
return $this->clearString((string)$entry, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -85,7 +90,9 @@ trait ConvertsDataTypes
|
|||||||
if (null === $string) {
|
if (null === $string) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
$search = [
|
var_dump($string);
|
||||||
|
|
||||||
|
$search = [
|
||||||
"\0", // NUL
|
"\0", // NUL
|
||||||
"\f", // form feed
|
"\f", // form feed
|
||||||
"\v", // vertical tab
|
"\v", // vertical tab
|
||||||
@ -135,14 +142,17 @@ trait ConvertsDataTypes
|
|||||||
"\u{3000}", // ideographic space
|
"\u{3000}", // ideographic space
|
||||||
"\u{FEFF}", // zero width no -break space
|
"\u{FEFF}", // zero width no -break space
|
||||||
];
|
];
|
||||||
$replace = "\x20"; // plain old normal space
|
$replace = "\x20"; // plain old normal space
|
||||||
$string = str_replace($search, $replace, $string);
|
$string = str_replace($search, $replace, $string);
|
||||||
|
|
||||||
$secondSearch = $keepNewlines ? ["\r"] : ["\r", "\n", "\t", "\036", "\025"];
|
$secondSearch = $keepNewlines ? ["\r"] : ["\r", "\n", "\t", "\036", "\025"];
|
||||||
$string = str_replace($secondSearch, '', $string);
|
$string = str_replace($secondSearch, '', $string);
|
||||||
|
|
||||||
// clear zalgo text (TODO also in API v2)
|
// clear zalgo text (TODO also in API v2)
|
||||||
$string = preg_replace('/\pM/u', '', $string);
|
$string = preg_replace('/\pM/u', '', $string);
|
||||||
|
if (null === $string) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
return trim($string);
|
return trim($string);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
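Review bot: `var_dump($string);` added at the top of `clearString` writes the raw, not-yet-sanitised request string straight to the output buffer on every call, so any response that runs through this trait would carry user input in its body and break JSON responses; it looks like leftover debugging and should be removed (or, if the value is needed, replaced with `Log::debug(...)`). The null check added after `preg_replace` is a good guard, since `preg_replace` returns null on a PCRE error such as malformed UTF-8, and `convertString`'s `is_scalar` check correctly short-circuits arrays. The hunks inside `clearString` start and end outside the enclosing method.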
@ -162,7 +162,7 @@ class OperatorQuerySearch implements SearchInterface
|
|||||||
} catch (TypeError|LogicException $e) {
|
} catch (TypeError|LogicException $e) {
|
||||||
Log::error($e->getMessage());
|
Log::error($e->getMessage());
|
||||||
Log::error(sprintf('Could not parse search: "%s".', $query));
|
Log::error(sprintf('Could not parse search: "%s".', $query));
|
||||||
throw new FireflyException('Invalid search value. See the logs.', 0, $e);
|
throw new FireflyException(sprintf('Invalid search value "%s". See the logs.', e($query)), 0, $e);
|
||||||
}
|
}
|
||||||
|
|
||||||
Log::debug(sprintf('Found %d node(s)', count($query1->getNodes())));
|
Log::debug(sprintf('Found %d node(s)', count($query1->getNodes())));
|
||||||
|
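Review bot: The new exception message HTML-escapes the user-supplied query with `e()` before embedding it, which bakes an HTML-sink assumption into a message that, judging by the `JsonResponse` search endpoint elsewhere in this commit, can also reach API clients or the log as plain text, where they would see `&quot;`/`&#039;` sequences. Escaping belongs at the render point; if every HTML view that shows this message already escapes (Blade `{{ }}` does), the plain `sprintf('Invalid search value "%s". See the logs.', $query)` is sufficient, but keep `e()` if some view prints it unescaped. Since the query length is attacker-controlled, consider capping it with `mb_substr($query, 0, 200)` before it is embedded in the message. The enclosing method continues outside the hunk.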