|
11 | 11 | use Psr\Http\Message\ServerRequestInterface; |
12 | 12 | use Psr\Http\Message\UriInterface; |
13 | 13 | use wcf\data\DatabaseObject; |
| 14 | +use wcf\system\exception\IllegalLinkException; |
14 | 15 | use wcf\system\exception\ParentClassException; |
15 | 16 | use wcf\system\exception\UserInputException; |
16 | 17 | use wcf\util\StringUtil; |
@@ -197,6 +198,48 @@ public static function fetchObjectFromRequestParameter(int|string $objectID, str |
197 | 198 | return $dbo; |
198 | 199 | } |
199 | 200 |
|
| 201 | + /** |
| 202 | + * Fetches a database object using the `id` parameter from GET parameters. |
| 203 | + * |
| 204 | + * If the value does not resolve to an object, i.e. its object id is not |
| 205 | + * truthy, a IllegalLinkException is thrown. |
| 206 | + * |
| 207 | + * @template T of object |
| 208 | + * @param class-string<T> $className |
| 209 | + * @return T |
| 210 | + * @throws IllegalLinkException |
| 211 | + * @throws ParentClassException |
| 212 | + * @since 6.3 |
| 213 | + */ |
| 214 | + public static function fetchObjectFromQueryParameter(string $className): object |
| 215 | + { |
| 216 | + if (!\is_subclass_of($className, DatabaseObject::class)) { |
| 217 | + throw new ParentClassException($className, DatabaseObject::class); |
| 218 | + } |
| 219 | + |
| 220 | + try { |
| 221 | + $queryParameters = self::mapQueryParameters( |
| 222 | + $_GET, |
| 223 | + <<<'EOT' |
| 224 | + array { |
| 225 | + id: positive-int |
| 226 | + } |
| 227 | + EOT |
| 228 | + ); |
| 229 | + } catch (MappingError) { |
| 230 | + throw new IllegalLinkException(); |
| 231 | + } |
| 232 | + |
| 233 | + /** @var DatabaseObject $dbo */ |
| 234 | + $dbo = new $className($queryParameters['id']); |
| 235 | + |
| 236 | + if (!$dbo->getObjectID()) { |
| 237 | + throw new IllegalLinkException(); |
| 238 | + } |
| 239 | + |
| 240 | + return $dbo; |
| 241 | + } |
| 242 | + |
200 | 243 | /** |
201 | 244 | * Forbid creation of Helper objects. |
202 | 245 | */ |
|
0 commit comments