Mirrors/grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2025-02-20 19:56:53 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improved form validation JSON responses to contain list of failed fields with their error messages

Browse Source
This commit is contained in:
Matias Griese 2021-11-12 09:36:54 +02:00
parent d9c9f6a5eb
commit e6911ce24a
4 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@
* Added `route` and `request` to `onPagesInitialized` event
* Improved page cloning, added method `Page::initialize()`
* Improved `FlexObject::getChanges()`: return changed lists and arrays as whole instead of just changed keys/values
* Improved form validation JSON responses to contain list of failed fields with their error messages
3. [](#bugfix)
* Fixed path traversal vulnerability when using `bin/grav server`
* Fixed unescaped error messages in JSON error responses

23
system/src/Grav/Common/Data/ValidationException.php
View File

@ -10,16 +10,18 @@
namespace Grav\Common\Data;
use Grav\Common\Grav;
use JsonSerializable;
use RuntimeException;
/**
* Class ValidationException
* @package Grav\Common\Data
*/
class ValidationException extends RuntimeException
class ValidationException extends RuntimeException implements JsonSerializable
{
/** @var array */
protected $messages = [];
protected $escape = true;
/**
* @param array $messages
@ -32,21 +34,34 @@ class ValidationException extends RuntimeException
$language = Grav::instance()['language'];
$this->message = $language->translate('GRAV.FORM.VALIDATION_FAIL', null, true) . ' ' . $this->message;
foreach ($messages as $variable => &$list) {
foreach ($messages as $list) {
$list = array_unique($list);
foreach ($list as $message) {
$this->message .= "<br/>$message";
$this->message .= '<br/>' . htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
}
return $this;
}
public function setSimpleMessage(bool $escape = true): void
{
$first = reset($this->messages);
$message = reset($first);
$this->message = $escape ? htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8') : $message;
}
/**
* @return array
*/
public function getMessages()
public function getMessages(): array
{
return $this->messages;
}
public function jsonSerialize(): array
{
return ['validation' => $this->messages];
}
}

6
system/src/Grav/Framework/Controller/Traits/ControllerResponseTrait.php
View File

@ -19,6 +19,7 @@ use Grav\Common\Utils;
use Grav\Framework\Psr7\Response;
use Grav\Framework\RequestHandler\Exception\RequestException;
use Grav\Framework\Route\Route;
use JsonSerializable;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\StreamInterface;
@ -209,6 +210,9 @@ trait ControllerResponseTrait
} else {
$message = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
$extra = $e instanceof JsonSerializable ? $e->jsonSerialize() : [];
$response = [
'code' => $code,
'status' => 'error',
@ -216,7 +220,7 @@ trait ControllerResponseTrait
'error' => [
'code' => $code,
'message' => $message
]
] + $extra
];
/** @var Debugger $debugger */

6
system/src/Grav/Framework/RequestHandler/Middlewares/Exceptions.php
View File

@ -16,6 +16,7 @@ use Grav\Common\Debugger;
use Grav\Common\Grav;
use Grav\Framework\Psr7\Response;
use JsonException;
use JsonSerializable;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
@ -46,6 +47,9 @@ class Exceptions implements MiddlewareInterface
} else {
$message = htmlspecialchars($exception->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
$extra = $exception instanceof JsonSerializable ? $exception->jsonSerialize() : [];
$response = [
'code' => $code,
'status' => 'error',
@ -53,7 +57,7 @@ class Exceptions implements MiddlewareInterface
'error' => [
'code' => $code,
'message' => $message,
]
] + $extra
];
/** @var Debugger $debugger */