From d8f9f287007f7865e119ce691f4facb40414afe4 Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Wed, 31 Jan 2018 15:10:08 +0100
Subject: [PATCH] FIX #37 TU action admin

---
 core/Test/ActionsControllerTest.php             | 6 +++---
 src/app/action/controllers/ActionController.php | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/core/Test/ActionsControllerTest.php b/core/Test/ActionsControllerTest.php
index c8a6b04c1c0..4393207e3b7 100755
--- a/core/Test/ActionsControllerTest.php
+++ b/core/Test/ActionsControllerTest.php
@@ -98,9 +98,9 @@ class ActionsControllerTest extends TestCase
 
         // FAIL READ
         $actionController = new \Action\controllers\ActionController();
-        $response         = $actionController->getById($request, new \Slim\Http\Response(), []);
+        $response         = $actionController->getById($request, new \Slim\Http\Response(), ['id' => 'gaz']);
         $responseBody     = json_decode((string)$response->getBody());
-        $this->assertSame('id is empty', $responseBody->errors);
+        $this->assertSame('Id is not a numeric', $responseBody->errors);
 
     }
 
@@ -198,7 +198,7 @@ class ActionsControllerTest extends TestCase
 
     public function testGetInitAction()
     {
-        //  DELETE
+        // InitAction
         $environment  = \Slim\Http\Environment::mock(['REQUEST_METHOD' => 'GET']);
         $request      = \Slim\Http\Request::createFromEnvironment($environment);
 
diff --git a/src/app/action/controllers/ActionController.php b/src/app/action/controllers/ActionController.php
index 77b0202bc97..83e4c5e4c29 100644
--- a/src/app/action/controllers/ActionController.php
+++ b/src/app/action/controllers/ActionController.php
@@ -33,6 +33,11 @@ class ActionController
 
     public function getById(Request $request, Response $response, $aArgs)
     {
+        if (!Validator::intVal()->validate($aArgs['id'])) {
+            return $response
+                ->withStatus(500)
+                ->withJson(['errors' => 'Id is not a numeric']);
+        }
         $obj['action'] = ActionModel::getById(['id' => $aArgs['id']]);
 
         if(!empty($obj['action'])){
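Review bot: The new guard in getById reads `$aArgs['id']` without checking that the key exists, and it answers bad client input with status 500. A call with no id is presumably still rejected by the validator, but only after PHP raises an undefined-index notice, and a 500 makes malformed input indistinguishable from a genuine server fault in logs and alerting. I would write the condition as `if (!isset($aArgs['id']) || !Validator::intVal()->validate($aArgs['id'])) {` and return `->withStatus(400)`. The test hunk in this patch replaces the empty-args case with `['id' => 'gaz']` rather than adding to it, so the missing-id path is no longer covered and the status code is never asserted. getById's body continues past the end of the hunk.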
-- 
GitLab