8000 [HttpKernel] PostValueResolver by jack-worman · Pull Request #47146 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[HttpKernel] PostValueResolver#47146

Closed
jack-worman wants to merge 1 commit intosymfony:6.2from
jack-worman:PostValueResolver
Closed

[HttpKernel] PostValueResolver#47146
jack-worman wants to merge 1 commit intosymfony:6.2from
jack-worman:PostValueResolver

Conversation

@jack-worman
Copy link
Contributor
@jack-worman jack-worman commented Aug 2, 2022
edited
Loading
Q A
Branch? 6.2
Bug fix? no
New feature? yes
Deprecations? no
Tickets N/A
License MIT
Doc PR

Allows controller routes to have $_POST offsets autowired.

#[Route('/index', methods: 'POST')]
public function index(
    #[ResolvePostValue('my_post_var')] string $myPostOffset,
): Response {
    // ...
}

This implementation can be made more abstract to work with all ParameterBag's.

@carsonbot carsonbot added this to the 6.2 milestone Aug 2, 2022
@fabpot
Copy link
Member
fabpot commented Aug 14, 2022

Thank for the PR. We rejected this in the past (in the FrameworkExtraBundle) as I don't think this is something we need/want. When dealing with POST requests, most of the time, using some validation is needed.

@jack-worman
Copy link
Contributor Author
jack-worman commented Aug 19, 2022

Fair enough, but what about a QueryParamResolver? The code basically looks the same, just need to do a couple switches.

@chalasr
Copy link
Member
chalasr commented Sep 19, 2022

Fair enough, but what about a QueryParamResolver?

It has been rejected as well in #19655. As both indeed require some strong validation against the input value, solving this in a generic way would open the door to security issues. So this is better addressed in userland on a per-parameter basis i.e. by writing your own argument value resolver with appropriate checks for every single expected param.

@chalasr
Copy link
Member
chalasr commented Sep 19, 2022

Closing as explained, thanks for proposing.

@chalasr chalasr closed this Sep 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dunglas dunglas Awaiting requested review from dunglas

@chalasr chalasr Awaiting requested review from chalasr

Assignees

No one assigned

Labels

Feature HttpKernel Status: Needs Review

Projects

None yet

Milestone

6.2

Development

Successfully merging this pull request may close these issues.

4 participants

@jack-worman @fabpot @chalasr @carsonbot
0