summaryrefslogtreecommitdiff
path: root/app/Http/RequestHandlers/ModuleAction.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Http/RequestHandlers/ModuleAction.php')
-rw-r--r--app/Http/RequestHandlers/ModuleAction.php18
1 files changed, 12 insertions, 6 deletions
diff --git a/app/Http/RequestHandlers/ModuleAction.php b/app/Http/RequestHandlers/ModuleAction.php
index 08f5ef946c..a5e5c95773 100644
--- a/app/Http/RequestHandlers/ModuleAction.php
+++ b/app/Http/RequestHandlers/ModuleAction.php
@@ -24,10 +24,12 @@ use Fisharebest\Webtrees\Http\Exceptions\HttpAccessDeniedException;
use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException;
use Fisharebest\Webtrees\Services\ModuleService;
use Fisharebest\Webtrees\Validator;
+use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
+use function is_string;
use function method_exists;
use function str_contains;
use function strtolower;
@@ -49,10 +51,6 @@ class ModuleAction implements RequestHandlerInterface
/**
* Perform an HTTP action for one of the modules.
- *
- * @param ServerRequestInterface $request
- *
- * @return ResponseInterface
*/
public function handle(ServerRequestInterface $request): ResponseInterface
{
@@ -60,13 +58,21 @@ class ModuleAction implements RequestHandlerInterface
$action = $request->getAttribute('action');
$user = Validator::attributes($request)->user();
+ if (!is_string($module_name)) {
+ throw new InvalidArgumentException('Invalid module_name');
+ }
+
+ if (!is_string($action)) {
+ throw new InvalidArgumentException('Invalid action');
+ }
+
// Check that the module is enabled.
// The module itself will need to check any tree-level access,
// which may be different for each component (tab, menu, etc.) of the module.
$module = $this->module_service->findByName($module_name);
if ($module === null) {
- throw new HttpNotFoundException('Module ' . $module_name . ' does not exist');
+ throw new HttpNotFoundException('Module ' . e($module_name) . ' does not exist');
}
// We'll call a function such as Module::getFooBarAction()
@@ -79,7 +85,7 @@ class ModuleAction implements RequestHandlerInterface
}
if (!method_exists($module, $method)) {
- throw new HttpNotFoundException('Method ' . $method . '() not found in ' . $module_name);
+ throw new HttpNotFoundException('Method ' . e($method) . '() not found in ' . e($module_name));
}
return $module->$method($request);