| -rw-r--r-- | app/Http/RequestHandlers/ModuleAction.php | 18 | ||||
| -rw-r--r-- | app/Module/SiteMapModule.php | 2 | ||||
| -rw-r--r-- | phpstan-baseline.neon | 30 |
3 files changed, 13 insertions, 37 deletions
diff --git a/app/Http/RequestHandlers/ModuleAction.php b/app/Http/RequestHandlers/ModuleAction.php
index 08f5ef946c..a5e5c95773 100644
--- a/app/Http/RequestHandlers/ModuleAction.php
+++ b/app/Http/RequestHandlers/ModuleAction.php
@@ -24,10 +24,12 @@ use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
 use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
 use Fisharebest\Webtrees\Services\ModuleService;
 use Fisharebest\Webtrees\Validator;
+use InvalidArgumentException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use function is_string;
 use function method_exists;
 use function str_contains;
 use function strtolower;
@@ -49,10 +51,6 @@ class ModuleAction implements RequestHandlerInterface
 /**
 * Perform an HTTP action for one of the modules.
- *
- * @param ServerRequestInterface $request
- *
- * @return ResponseInterface
 */
 public function handle(ServerRequestInterface $request): ResponseInterface
 {
@@ -60,13 +58,21 @@ class ModuleAction implements RequestHandlerInterface
 $action = $request->getAttribute('action');
 $user = Validator::attributes($request)->user();
+ if (!is_string($module_name)) {
+ throw new InvalidArgumentException('Invalid module_name');
+ }
+
+ if (!is_string($action)) {
+ throw new InvalidArgumentException('Invalid action');
+ }
+
 // Check that the module is enabled.
 // The module itself will need to check any tree-level access,
 // which may be different for each component (tab, menu, etc.) of the module.
 $module = $this->module_service->findByName($module_name);
 if ($module === null) {
- throw new HttpNotFoundException('Module ' . $module_name . ' does not exist');
+ throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
 }
 // We'll call a function such as Module::getFooBarAction()
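Review bot: The two new `is_string()` guards in `handle()` throw a bare `InvalidArgumentException`, which is not one of the HTTP exception types this handler otherwise uses, so a request whose route attributes are missing or malformed will probably surface as an unhandled server error rather than a client error (how the error handler maps it is not visible in this diff). Since `HttpNotFoundException` is already imported, `throw new HttpNotFoundException('Invalid action');` (and the same for `module_name`) would keep a client-triggerable condition on the 4xx path and make the added `use InvalidArgumentException;` unnecessary. `Validator::attributes($request)` is already used on the line above for the user, so reading both attributes through the validator would be the more consistent form if it offers a string accessor. `handle()` starts and ends outside this hunk.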
@@ -79,7 +85,7 @@ class ModuleAction implements RequestHandlerInterface
 }
 if (!method_exists($module, $method)) {
- throw new HttpNotFoundException('Method ' . $method . '() not found in ' . $module_name);
+ throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
 }
 return $module->$method($request);
diff --git a/app/Module/SiteMapModule.php b/app/Module/SiteMapModule.php
index b521ea6a67..d2d035801e 100644
--- a/app/Module/SiteMapModule.php
+++ b/app/Module/SiteMapModule.php
@@ -336,7 +336,7 @@ class SiteMapModule extends AbstractModule implements ModuleConfigInterface, Req
 break;
 default:
- throw new HttpNotFoundException('Invalid record type: ' . $type);
+ throw new HttpNotFoundException('Invalid record type: ' . e($type));
 }
 // Skip private records.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 07d9651b26..bd4a562fe3 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
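Review bot: Escaping with `e()` at the throw site in the `method_exists()` branch of ModuleAction.php bakes HTML encoding into the exception message itself; the same applies to `e($module_name)` in the previous ModuleAction hunk and to `e($type)` in SiteMapModule.php. Any consumer that logs the message or returns it as plain text or JSON will now see entities, and a renderer that escapes on output would double-encode them. Other throw sites that interpolate request-derived values into HTTP exception messages stay exposed until each is patched the same way, whereas encoding at the point where the message is written into the error page would cover all of them at once (that renderer is not visible in this diff, so this is inferred). If throw-site escaping is kept, a comment such as `// Message is rendered as HTML by the error page, so request-derived values are escaped here.` would record the contract for the next throw site. The enclosing `handle()` method and the `switch` in SiteMapModule both extend outside their hunks.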
@@ -2377,42 +2377,12 @@ parameters: path: app/Http/RequestHandlers/MergeTreesAction.php - - message: '#^Binary operation "\." between ''Module '' and mixed results in an error\.$#' - identifier: binaryOp.invalid - count: 1 - path: app/Http/RequestHandlers/ModuleAction.php - - - - message: '#^Binary operation "\." between non\-falsy\-string and mixed results in an error\.$#' - identifier: binaryOp.invalid - count: 1 - path: app/Http/RequestHandlers/ModuleAction.php - - - - message: '#^Binary operation "\." between string and mixed results in an error\.$#' - identifier: binaryOp.invalid - count: 1 - path: app/Http/RequestHandlers/ModuleAction.php - - - message: '#^Method Fisharebest\\Webtrees\\Http\\RequestHandlers\\ModuleAction\:\:handle\(\) should return Psr\\Http\\Message\\ResponseInterface but returns mixed\.$#' identifier: return.type count: 1 path: app/Http/RequestHandlers/ModuleAction.php - - message: '#^Parameter \#1 \$haystack of function str_contains expects string, mixed given\.$#' - identifier: argument.type - count: 1 - path: app/Http/RequestHandlers/ModuleAction.php - - - - message: '#^Parameter \#1 \$module_name of method Fisharebest\\Webtrees\\Services\\ModuleService\:\:findByName\(\) expects string, mixed given\.$#' - identifier: argument.type - count: 1 - path: app/Http/RequestHandlers/ModuleAction.php - - - message: '#^Parameter \#1 \$token of method Fisharebest\\Webtrees\\Services\\UserService\:\:findByToken\(\) expects string, mixed given\.$#' identifier: argument.type count: 1 |
