-rw-r--r--app/Http/RequestHandlers/ModuleAction.php18
-rw-r--r--app/Module/SiteMapModule.php2
-rw-r--r--phpstan-baseline.neon30
3 files changed, 13 insertions, 37 deletions
diff --git a/app/Http/RequestHandlers/ModuleAction.php b/app/Http/RequestHandlers/ModuleAction.php
index 08f5ef946c..a5e5c95773 100644
--- a/app/Http/RequestHandlers/ModuleAction.php
+++ b/app/Http/RequestHandlers/ModuleAction.php
@@ -24,10 +24,12 @@ use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Services\ModuleService;
use Fisharebest\Webtrees\Validator;
+use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
+use function is_string;
use function method_exists;
use function str_contains;
use function strtolower;
@@ -49,10 +51,6 @@ class ModuleAction implements RequestHandlerInterface
/**
* Perform an HTTP action for one of the modules.
- *
- * @param ServerRequestInterface $request
- *
- * @return ResponseInterface
*/
public function handle(ServerRequestInterface $request): ResponseInterface
{
@@ -60,13 +58,21 @@ class ModuleAction implements RequestHandlerInterface
$action = $request->getAttribute('action');
$user = Validator::attributes($request)->user();
+ if (!is_string($module_name)) {
+ throw new InvalidArgumentException('Invalid module_name');
+ }
+
+ if (!is_string($action)) {
+ throw new InvalidArgumentException('Invalid action');
+ }
+
// Check that the module is enabled.
// The module itself will need to check any tree-level access,
// which may be different for each component (tab, menu, etc.) of the module.
$module = $this->module_service->findByName($module_name);
if ($module === null) {
- throw new HttpNotFoundException('Module ' . $module_name . ' does not exist');
+ throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
}
// We'll call a function such as Module::getFooBarAction()
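Review bot: Wrapping `$module_name` in `e()` at the throw site implies the error response prints exception messages unescaped, and that renderer, not this line, would be the HTML-injection sink; the same per-site fix recurs in the `method_exists` hunk below and in SiteMapModule.php. If so, any other exception that embeds request-derived text remains exposed, and these messages now carry HTML entities into logs or non-HTML responses. Escaping once where the message is rendered would cover every throw site, though that code is not in this diff, so treat this as something to confirm. Separately, the two new `is_string` guards throw `InvalidArgumentException`, which presumably is not mapped to a 4xx status like the `Http*Exception` classes already used in `handle()`; `throw new HttpNotFoundException('Invalid module_name');` would keep a malformed route from surfacing as a server error. `handle()` starts and ends outside this hunk.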
@@ -79,7 +85,7 @@ class ModuleAction implements RequestHandlerInterface
}
if (!method_exists($module, $method)) {
- throw new HttpNotFoundException('Method ' . $method . '() not found in ' . $module_name);
+ throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
}
return $module->$method($request);
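Review bot: `method_exists()` reports private and protected methods too, so the guard before `return $module->$method($request);` does not establish that the request-derived method is publicly callable, and a non-public match would fail with an `Error` instead of the 404 thrown here. Checking `is_callable([$module, $method])` as well would keep the dispatch to the module's public surface. The baseline in this commit still carries the `handle() should return ... but returns mixed` entry, so the result is also not checked to be a `ResponseInterface` before it is returned. How `$method` is built from `$action` lies outside this hunk, so the prefix and suffix constraints on the name could not be reviewed.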
diff --git a/app/Module/SiteMapModule.php b/app/Module/SiteMapModule.php
index b521ea6a67..d2d035801e 100644
--- a/app/Module/SiteMapModule.php
+++ b/app/Module/SiteMapModule.php
@@ -336,7 +336,7 @@ class SiteMapModule extends AbstractModule implements ModuleConfigInterface, Req
break;
default:
- throw new HttpNotFoundException('Invalid record type: ' . $type);
+ throw new HttpNotFoundException('Invalid record type: ' . e($type));
}
// Skip private records.
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
index 07d9651b26..bd4a562fe3 100644
--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -2377,42 +2377,12 @@ parameters:
path: app/Http/RequestHandlers/MergeTreesAction.php
-
- message: '#^Binary operation "\." between ''Module '' and mixed results in an error\.$#'
- identifier: binaryOp.invalid
- count: 1
- path: app/Http/RequestHandlers/ModuleAction.php
-
- -
- message: '#^Binary operation "\." between non\-falsy\-string and mixed results in an error\.$#'
- identifier: binaryOp.invalid
- count: 1
- path: app/Http/RequestHandlers/ModuleAction.php
-
- -
- message: '#^Binary operation "\." between string and mixed results in an error\.$#'
- identifier: binaryOp.invalid
- count: 1
- path: app/Http/RequestHandlers/ModuleAction.php
-
- -
message: '#^Method Fisharebest\\Webtrees\\Http\\RequestHandlers\\ModuleAction\:\:handle\(\) should return Psr\\Http\\Message\\ResponseInterface but returns mixed\.$#'
identifier: return.type
count: 1
path: app/Http/RequestHandlers/ModuleAction.php
-
- message: '#^Parameter \#1 \$haystack of function str_contains expects string, mixed given\.$#'
- identifier: argument.type
- count: 1
- path: app/Http/RequestHandlers/ModuleAction.php
-
- -
- message: '#^Parameter \#1 \$module_name of method Fisharebest\\Webtrees\\Services\\ModuleService\:\:findByName\(\) expects string, mixed given\.$#'
- identifier: argument.type
- count: 1
- path: app/Http/RequestHandlers/ModuleAction.php
-
- -
message: '#^Parameter \#1 \$token of method Fisharebest\\Webtrees\\Services\\UserService\:\:findByToken\(\) expects string, mixed given\.$#'
identifier: argument.type
count: 1