8000 [HttpKernel] PostValueResolver by jack-worman · Pull Request #47146 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[HttpKernel] PostValueResolver #47146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[HttpKernel] PostValueResolver #47146

wants to merge 1 commit into from

Conversation

jack-worman
Copy link
Contributor
@jack-worman jack-worman commented Aug 2, 2022
edited
Loading
Q A
Branch? 6.2
Bug fix? no
New feature? yes
Deprecations? no
Tickets N/A
License MIT
Doc PR

Allows controller routes to have $_POST offsets autowired.

#[Route('/index', methods: 'POST')]
public function index(
    #[ResolvePostValue('my_post_var')] string $myPostOffset,
): Response {
    // ...
}

This implementation can be made more abstract to work with all ParameterBag's.

@carsonbot carsonbot added this to the 6.2 milestone Aug 2, 2022
@fabpot
Copy link
Member
fabpot commented Aug 14, 2022

Thank for the PR. We rejected this in the past (in the FrameworkExtraBundle) as I don't think this is something we need/want. When dealing with POST requests, most of the time, using some validation is needed.

@jack-worman
Copy link
Contributor Author

Fair enough, but what about a QueryParamResolver? The code basically looks the same, just need to do a couple switches.

@chalasr
Copy link
Member
chalasr commented Sep 19, 2022

Fair enough, but what about a QueryParamResolver?

It has been rejected as well in #19655. As both indeed require some strong validation against the input value, solving this in a generic way would open the door to security issues. So this is better addressed in userland on a per-parameter basis i.e. by writing your own argument value resolver with appropriate checks for ev ABE5 ery single expected param.

@chalasr
Copy link
Member
chalasr commented Sep 19, 2022

Closing as explained, thanks for proposing.

@chalasr chalasr closed this Sep 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dunglas dunglas Awaiting requested review from dunglas

@chalasr chalasr Awaiting requested review from chalasr

Assignees
No one assigned
Labels
Feature HttpKernel Status: Needs Review
Projects
None yet
Milestone
6.2
Development

Successfully merging this pull request may close these issues.
4 participants
@jack-worman @fabpot @chalasr @carsonbot
0