authorGreg Roach <greg@subaqua.co.uk>2021-10-02 00:07:33 +0100
committerGreg Roach <greg@subaqua.co.uk>2021-10-02 00:10:35 +0100
commit8d9c2b68ed7d9a4db33b810be9c2e1c927a9b3ff (patch)
tree63778cc8c4ce0228e62cfaf7375e81bbf4e53e93 /app/Http/RequestHandlers/LoginAction.php
parent6d966f6061c06960a42cd833e71f774c44c62daa (diff)
Add validator class for HTTP parameters
Diffstat (limited to 'app/Http/RequestHandlers/LoginAction.php')
-rw-r--r--app/Http/RequestHandlers/LoginAction.php17
1 files changed, 7 insertions, 10 deletions
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
index a3a9541210..ab8574882b 100644
--- a/app/Http/RequestHandlers/LoginAction.php
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -30,6 +30,7 @@ use Fisharebest\Webtrees\Services\UpgradeService;
use Fisharebest\Webtrees\Services\UserService;
use Fisharebest\Webtrees\Session;
use Fisharebest\Webtrees\Tree;
+use Fisharebest\Webtrees\Validator;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
@@ -66,13 +67,12 @@ class LoginAction implements RequestHandlerInterface
*/
public function handle(ServerRequestInterface $request): ResponseInterface
{
- $tree = $request->getAttribute('tree');
-
- $params = (array) $request->getParsedBody();
-
- $username = $params['username'];
- $password = $params['password'];
- $url = $params['url'];
+ $tree = $request->getAttribute('tree');
+ $base_url = $request->getAttribute('base_url');
+ $default_url = route(HomePage::class);
+ $username = Validator::parsedBody($request)->string('username') ?? '';
+ $password = Validator::parsedBody($request)->string('password') ?? '';
+ $url = Validator::parsedBody($request)->localUrl($base_url)->string('url') ?? $default_url;
try {
$this->doLogin($username, $password);
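Review bot: The open-redirect guard on `$url` now rests entirely on `Validator::localUrl($base_url)`, which this diff does not show, while the `str_starts_with($url, $base_url)` check it replaces is removed later in `handle()`. A string-prefix test accepts a URL whose host merely starts with the base host, so the validator should compare the parsed scheme, host and port, and a test should pin that a rejected `url` yields `$default_url`. `getAttribute('base_url')` returns null when the attribute is unset; presumably middleware always sets it, but the validator should fail closed to the default in that case. A short comment above the assignment would record the intent: `// Only redirect to URLs on this site; anything else falls back to the home page.` `handle()` continues past the end of this hunk.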
@@ -82,9 +82,6 @@ class LoginAction implements RequestHandlerInterface
}
// Redirect to the target URL
- $base_url = $request->getAttribute('base_url');
- $url = str_starts_with($url, $base_url) ? $url : route(HomePage::class);
-
return redirect($url);
} catch (Exception $ex) {
// Failed to log in.