Diffstat (limited to 'app/Http/RequestHandlers/ModuleAction.php')
| -rw-r--r-- | app/Http/RequestHandlers/ModuleAction.php | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/app/Http/RequestHandlers/ModuleAction.php b/app/Http/RequestHandlers/ModuleAction.php
index 08f5ef946c..a5e5c95773 100644
--- a/app/Http/RequestHandlers/ModuleAction.php
+++ b/app/Http/RequestHandlers/ModuleAction.php
@@ -24,10 +24,12 @@ use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
 use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
 use Fisharebest\Webtrees\Services\ModuleService;
 use Fisharebest\Webtrees\Validator;
+use InvalidArgumentException;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use function is_string;
 use function method_exists;
 use function str_contains;
 use function strtolower;
@@ -49,10 +51,6 @@ class ModuleAction implements RequestHandlerInterface
 /**
 * Perform an HTTP action for one of the modules.
- *
- * @param ServerRequestInterface $request
- *
- * @return ResponseInterface
 */
 public function handle(ServerRequestInterface $request): ResponseInterface
 {
@@ -60,13 +58,21 @@ class ModuleAction implements RequestHandlerInterface
 $action = $request->getAttribute('action');
 $user = Validator::attributes($request)->user();
+ if (!is_string($module_name)) {
+ throw new InvalidArgumentException('Invalid module_name');
+ }
+
+ if (!is_string($action)) {
+ throw new InvalidArgumentException('Invalid action');
+ }
+
 // Check that the module is enabled.
 // The module itself will need to check any tree-level access,
 // which may be different for each component (tab, menu, etc.) of the module.
 $module = $this->module_service->findByName($module_name);
 if ($module === null) {
- throw new HttpNotFoundException('Module ' . $module_name . ' does not exist');
+ throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
 }
 // We'll call a function such as Module::getFooBarAction()
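Review bot: Calling `e()` while building the `HttpNotFoundException` message (for `$module_name` here, and for `$method` and `$module_name` in the hunk at -79) fixes the output encoding at throw time, before it is known where the message will be written. If `e()` HTML-escapes, as its use here suggests, any log entry or non-HTML response that reuses the message will carry entities, and a renderer that escapes again will double-encode it. Exceptions raised elsewhere with request-derived text would also still depend on each throw site remembering to escape. Escaping once where the error page prints the message would cover all of them; if the throw-site escape is kept, a comment such as `// Escaped here because the error view prints exception messages as raw HTML` (to be confirmed against that view) would record why. handle() begins and ends outside this hunk.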
@@ -79,7 +85,7 @@ class ModuleAction implements RequestHandlerInterface
 }
 if (!method_exists($module, $method)) {
- throw new HttpNotFoundException('Method ' . $method . '() not found in ' . $module_name);
+ throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
 }
 return $module->$method($request); |
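Review bot: The `method_exists($module, $method)` guard is true for protected and private methods as well as public ones, so a request-derived name that matches a non-public method passes the check and then fails at `$module->$method($request)` with an Error rather than the intended 404. `if (!is_callable([$module, $method])) {` would take visibility from this calling scope into account. How `$method` is assembled from `$action` lies above the hunk, so whether such a name can actually be formed is not visible here. handle() starts outside this hunk.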
