[TASK] Enforce HTTP methods in module controller #81
Conversation
|
Code Climate has analyzed commit 9a0a4f8 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 0.0% (50% is the threshold). This pull request will bring the total coverage in the repository to 0.0% (0.0% change). View more on Code Climate. |
Pull Request Test Coverage Report for Build 12913179724Details
💛 - Coveralls |
There was a problem hiding this comment.
Hey @konhill, thank you very much for the PR. I made a few suggestions. In addition, I'd categorize this change as maintenance task rather than bugfix. Would you be so kind and address the requested changes? Thanks in advance!
| @@ -67,6 +69,7 @@ public function __invoke(Message\ServerRequestInterface $request): Message\Respo | |||
|
|
|||
| // Force redirect when page selector was used | |||
| if ($request->getMethod() === 'POST' && !isset($request->getQueryParams()['page'])) { | |||
| $this->assertAllowedHttpMethod($request, 'POST'); | |||
There was a problem hiding this comment.
The security check is superfluous here; we already verify and allow POST in the line above.
| @@ -92,7 +95,7 @@ public function __invoke(Message\ServerRequestInterface $request): Message\Respo | |||
| if ($this->typo3Version->getMajorVersion() < 12) { | |||
| return $this->renderLegacyTemplate($template, $templateVariables); | |||
| } | |||
|
|
|||
| $this->assertAllowedHttpMethod($request, 'GET'); | |||
There was a problem hiding this comment.
The assertion should happen as very first check in the action. Thus, it should be moved to line 64. Since POST and GET methods are allowed it should be changed to:
| $this->assertAllowedHttpMethod($request, 'GET'); | |
| $this->assertAllowedHttpMethod($request, 'GET', 'POST'); |
| @@ -43,6 +44,7 @@ | |||
| final class MailqueueModuleController | |||
| { | |||
| use Traits\TranslatableTrait; | |||
| use AllowedMethodsTrait; | |||
There was a problem hiding this comment.
The TYPO3\CMS\Core namespace is already imported, thus the import should be written like follows:
| use AllowedMethodsTrait; | |
| use Core\Http\AllowedMethodsTrait; |
eliashaeussler
added
maintenance
eliashaeussler
changed the title
|
💡 One more thing: We should adapt the dependency constraints of TYPO3 extensions to require at least those versions which contain the newly introduced trait:
|
No description provided.