Skip to content

Commit ce5e5d4

Browse files
Merge pull request #59600 from nextcloud/bugfix/noid/add-default-limit-restrictions
fix(controller): Add default range to $limit parameter
2 parents c73ddd4 + 7ed9191 commit ce5e5d4

2 files changed

Lines changed: 38 additions & 10 deletions

File tree

lib/private/AppFramework/Http/Dispatcher.php

Lines changed: 14 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,9 @@
2626
* Class to dispatch the request to the middleware dispatcher
2727
*/
2828
class Dispatcher {
29+
public const DEFAULT_MIN = 1;
30+
public const DEFAULT_MAX = 500;
31+
2932
/**
3033
* @param Http $protocol the http protocol with contains all status headers
3134
* @param MiddlewareDispatcher $middlewareDispatcher the dispatcher which
@@ -149,7 +152,7 @@ private function executeController(Controller $controller, string $methodName):
149152
$value = false;
150153
} elseif ($value !== null && \in_array($type, $types, true)) {
151154
settype($value, $type);
152-
$this->ensureParameterValueSatisfiesRange($param, $value);
155+
$this->ensureParameterValueSatisfiesRange($param, $value, $default);
153156
} elseif ($value === null && $type !== null && $this->appContainer->has($type)) {
154157
$value = $this->appContainer->get($type);
155158
}
@@ -193,7 +196,7 @@ private function executeController(Controller $controller, string $methodName):
193196
* @psalm-param mixed $value
194197
* @throws ParameterOutOfRangeException
195198
*/
196-
private function ensureParameterValueSatisfiesRange(string $param, $value): void {
199+
private function ensureParameterValueSatisfiesRange(string $param, $value, $default): void {
197200
$rangeInfo = $this->reflector->getRange($param);
198201
if ($rangeInfo) {
199202
if ($value < $rangeInfo['min'] || $value > $rangeInfo['max']) {
@@ -204,6 +207,15 @@ private function ensureParameterValueSatisfiesRange(string $param, $value): void
204207
$rangeInfo['max'],
205208
);
206209
}
210+
} elseif ($param === 'limit') {
211+
if ($value !== $default && ($value < self::DEFAULT_MIN || $value > self::DEFAULT_MAX)) {
212+
throw new ParameterOutOfRangeException(
213+
$param,
214+
$value,
215+
self::DEFAULT_MIN,
216+
self::DEFAULT_MAX,
217+
);
218+
}
207219
}
208220
}
209221
}

tests/lib/AppFramework/Http/DispatcherTest.php

Lines changed: 24 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -549,18 +549,34 @@ public static function rangeDataProvider(): array {
549549
[7, 14, 5, true],
550550
[7, 14, 10, false],
551551
[-14, -7, -10, false],
552+
[null, null, -1, false],
553+
554+
// $limit comes with default limits of self::DEFAULT_MIN (1) <= $limit <= self::DEFAULT_MAX (500)
555+
[null, null, -1, true, 'limit'],
556+
[null, null, -1, false, 'limit', -1],
557+
[null, null, 0, true, 'limit'],
558+
[null, null, 0, true, 'limit', -1],
559+
[null, null, 1, false, 'limit'],
560+
[null, null, 500, false, 'limit'],
561+
[null, null, 501, true, 'limit'],
552562
];
553563
}
554564

555565
#[\PHPUnit\Framework\Attributes\DataProvider('rangeDataProvider')]
556-
public function testEnsureParameterValueSatisfiesRange(int $min, int $max, int $input, bool $throw): void {
566+
public function testEnsureParameterValueSatisfiesRange(?int $min, ?int $max, int $input, bool $throw, string $param = 'myArgument', ?int $default = null): void {
557567
$this->reflector = $this->createMock(ControllerMethodReflector::class);
558-
$this->reflector->expects($this->any())
559-
->method('getRange')
560-
->willReturn([
561-
'min' => $min,
562-
'max' => $max,
563-
]);
568+
if ($min === null && $max === null) {
569+
$this->reflector->expects($this->any())
570+
->method('getRange')
571+
->willReturn(null);
572+
} else {
573+
$this->reflector->expects($this->any())
574+
->method('getRange')
575+
->willReturn([
576+
'min' => $min,
577+
'max' => $max,
578+
]);
579+
}
564580

565581
$this->dispatcher = new Dispatcher(
566582
$this->http,
@@ -578,7 +594,7 @@ public function testEnsureParameterValueSatisfiesRange(int $min, int $max, int $
578594
$this->expectException(ParameterOutOfRangeException::class);
579595
}
580596

581-
$this->invokePrivate($this->dispatcher, 'ensureParameterValueSatisfiesRange', ['myArgument', $input]);
597+
self::invokePrivate($this->dispatcher, 'ensureParameterValueSatisfiesRange', [$param, $input, $default]);
582598
if (!$throw) {
583599
// do not mark this test risky
584600
$this->assertTrue(true);

0 commit comments

Comments
 (0)