[HttpKernel] Validate typed request attribute values before calling controllers #61458
|
Hey! I see that this is your first PR. That is great! Welcome! Symfony has a contribution guide which I suggest you to read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot |
nicolas-grekas
left a comment
For enums, this looks already covered by BackedEnumValueResolver
For other scalar types, I'd suggest implementing this in RequestAttributeValueResolver
|
Btw, the implementation in RequestAttributeValueResolver should probably use the right getter of the ParameterBag instead of reimplementing the conversion logic in the value resolver after using |
07701bc to
bf5134e
nicolas-grekas
left a comment
I reworked the implementation, please have a second look. Please also re-read the description to see if it needs changes.
@symfony/mergers review welcome
…ontrollers When a route parameter is bound to a typed controller argument (int, float, bool, string, or \BackedEnum), invalid or out-of-range values now result in an HTTP error instead of triggering a TypeError.
bf5134e to
bb0f715
nicolas-grekas
left a comment
Thanks @HypeMC, that's exactly the review I needed
PR updated
|
Thank you @mudassaralichouhan. |
This PR fixes issue #61451 by introducing a new RequestAttributeScalarValueResolver that safely casts request attributes (route parameters) to scalar types (int, float, bool, string, or \BackedEnum).

If a value cannot be safely cast (e.g. 9223372036854775808 for an int), a NotFoundHttpException (404) is thrown before reaching the controller, avoiding a TypeError.

Changes:
- RequestAttributeScalarValueResolver (registered with high priority)
- /{id} route expecting int $id
- CHANGELOG.md entry under 7.4

This makes route handling safer and more predictable for typed controllers.
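
The check described above, sketched in plain PHP as an added example (not the PR's code and not Symfony's resolver). The `castAttribute()` function and the `NotFound` class are hypothetical names; `NotFound` stands in for `NotFoundHttpException` so the script runs without the framework, and `\BackedEnum` handling is left out.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for Symfony's NotFoundHttpException (assumption, keeps the example framework-free).
final class NotFound extends \RuntimeException {}

/**
 * Casts a raw route attribute to the scalar type declared on the controller
 * argument, rejecting any value that does not validate as that type.
 */
function castAttribute(string $name, string $raw, string $type): int|float|bool|string
{
    // FILTER_NULL_ON_FAILURE makes every filter return null on failure, so a
    // legitimate boolean false or integer 0 is never mistaken for an error.
    $value = match ($type) {
        'int' => filter_var($raw, FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE),
        'float' => filter_var($raw, FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE),
        'bool' => filter_var($raw, FILTER_VALIDATE_BOOL, FILTER_NULL_ON_FAILURE),
        'string' => $raw,
        default => throw new \LogicException(sprintf('Unsupported type "%s".', $type)),
    };

    if (null === $value) {
        // Fail with an HTTP-level error before the controller is ever called.
        throw new NotFound(sprintf('The value for the "%s" route parameter is invalid.', $name));
    }

    return $value;
}

// Constructed sample inputs: [argument name, raw route value, declared type].
$samples = [
    ['id', '42', 'int'],
    ['id', '9223372036854775808', 'int'], // the out-of-range value quoted in the PR description
    ['id', '12abc', 'int'],
    ['ratio', '1.5', 'float'],
    ['active', 'maybe', 'bool'],
];

foreach ($samples as [$name, $raw, $type]) {
    try {
        printf("%s=%s as %s: %s\n", $name, $raw, $type, var_export(castAttribute($name, $raw, $type), true));
    } catch (NotFound $e) {
        printf("%s=%s as %s: 404 (%s)\n", $name, $raw, $type, $e->getMessage());
    }
}
```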