| author | Greg Roach <greg@subaqua.co.uk> | 2021-10-02 00:07:33 +0100 |
|---|---|---|
| committer | Greg Roach <greg@subaqua.co.uk> | 2021-10-02 00:10:35 +0100 |
| commit | 8d9c2b68ed7d9a4db33b810be9c2e1c927a9b3ff (patch) | |
| tree | 63778cc8c4ce0228e62cfaf7375e81bbf4e53e93 /app/Http/RequestHandlers/LoginAction.php | |
| parent | 6d966f6061c06960a42cd833e71f774c44c62daa (diff) | |
Add validator class for HTTP parameters
Diffstat (limited to 'app/Http/RequestHandlers/LoginAction.php')
| -rw-r--r-- | app/Http/RequestHandlers/LoginAction.php | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
index a3a9541210..ab8574882b 100644
--- a/app/Http/RequestHandlers/LoginAction.php
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -30,6 +30,7 @@ use Fisharebest\Webtrees\Services\UpgradeService;
 use Fisharebest\Webtrees\Services\UserService;
 use Fisharebest\Webtrees\Session;
 use Fisharebest\Webtrees\Tree;
+use Fisharebest\Webtrees\Validator;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
@@ -66,13 +67,12 @@ class LoginAction implements RequestHandlerInterface
 */
 public function handle(ServerRequestInterface $request): ResponseInterface
 {
- $tree = $request->getAttribute('tree');
-
- $params = (array) $request->getParsedBody();
-
- $username = $params['username'];
- $password = $params['password'];
- $url = $params['url'];
+ $tree = $request->getAttribute('tree');
+ $base_url = $request->getAttribute('base_url');
+ $default_url = route(HomePage::class);
+ $username = Validator::parsedBody($request)->string('username') ?? '';
+ $password = Validator::parsedBody($request)->string('password') ?? '';
+ $url = Validator::parsedBody($request)->localUrl($base_url)->string('url') ?? $default_url;
 
 try {
 $this->doLogin($username, $password);
@@ -82,9 +82,6 @@ class LoginAction implements RequestHandlerInterface
 }
 
 // Redirect to the target URL
- $base_url = $request->getAttribute('base_url');
- $url = str_starts_with($url, $base_url) ? $url : route(HomePage::class);
-
 return redirect($url);
 } catch (Exception $ex) {
 // Failed to log in. |
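Review bot: In `handle()`, the open-redirect guard for `$url` now rests entirely on `Validator::localUrl($base_url)`, whose implementation is not part of this diff, and `$base_url` comes from `$request->getAttribute('base_url')` without a check that it is a non-empty string. The removed `str_starts_with($url, $base_url)` test was a plain prefix match, so it is worth confirming that `localUrl()` compares scheme and host (or enforces a path boundary) rather than repeating that prefix test, and covering it with a unit test for a base URL that has no trailing slash. Because the check has moved away from the redirect in the third hunk, I would also add a comment above `return redirect($url);` such as `// $url was already limited to this site by Validator::localUrl()`. `handle()` begins and ends outside these hunks, so the behaviour of `doLogin()` with the `''` fallbacks for `username` and `password` cannot be checked from here.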
