Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Ensure the API request data are string

Browse Source 
In case an array was passed to an endpoint or token, there was a fatal error.
[MAILPOET-6348]
This commit is contained in:
Rostislav Wolny
2024-11-27 12:57:07 +01:00
committed by Aschepikov
parent ea6c705a97
commit d6d71c7cc3
2 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
mailpoet/lib/API/JSON/API.php
View File

@ -122,20 +122,20 @@ class API {
} }
public function setRequestData($data, $requestType) { public function setRequestData($data, $requestType) {
$this->requestApiVersion = !empty($data['api_version']) ? $data['api_version'] : false; $this->requestApiVersion = (!empty($data['api_version']) && is_string($data['api_version'])) ? $data['api_version'] : false;
$this->requestEndpoint = isset($data['endpoint']) $this->requestEndpoint = (isset($data['endpoint']) && is_string($data['endpoint']))
? Helpers::underscoreToCamelCase(trim($data['endpoint'])) ? Helpers::underscoreToCamelCase(trim($data['endpoint']))
: null; : null;
// JS part of /wp-admin/customize.php does not like a 'method' field in a form widget // JS part of /wp-admin/customize.php does not like a 'method' field in a form widget
$methodParamName = isset($data['mailpoet_method']) ? 'mailpoet_method' : 'method'; $methodParamName = isset($data['mailpoet_method']) ? 'mailpoet_method' : 'method';
$this->requestMethod = isset($data[$methodParamName]) $this->requestMethod = (isset($data[$methodParamName]) && is_string($data[$methodParamName]))
? Helpers::underscoreToCamelCase(trim($data[$methodParamName])) ? Helpers::underscoreToCamelCase(trim($data[$methodParamName]))
: null; : null;
$this->requestType = $requestType; $this->requestType = $requestType;
$this->requestToken = isset($data['token']) $this->requestToken = (isset($data['token']) && is_string($data['token']))
? trim($data['token']) ? trim($data['token'])
: null; : null;

31
mailpoet/tests/integration/API/JSON/APITest.php
View File

@ -122,6 +122,37 @@ class APITest extends \MailPoetTest {
verify($response->status)->equals(APIResponse::STATUS_BAD_REQUEST); verify($response->status)->equals(APIResponse::STATUS_BAD_REQUEST);
} }
public function testItReturns400ErrorWhenInvalidDataTypeInEndpoint() {
$data = [
'endpoint' => ['a_p_i_test_namespaced_endpoint_stub_v1'],
'method' => 'test',
];
$response = $this->api->setRequestData($data, Endpoint::TYPE_POST);
verify($response->status)->equals(APIResponse::STATUS_BAD_REQUEST);
}
public function testItReturns400ErrorWhenInvalidDataTypeInMethod() {
$data = [
'endpoint' => 'a_p_i_test_namespaced_endpoint_stub_v1',
'method' => ['test'],
];
$response = $this->api->setRequestData($data, Endpoint::TYPE_POST);
verify($response->status)->equals(APIResponse::STATUS_BAD_REQUEST);
}
public function testItReturns400ErrorWhenInvalidDataTypeInToken() {
$data = [
'endpoint' => 'a_p_i_test_namespaced_endpoint_stub_v1',
'method' => 'test',
'token' => ['test'],
];
$response = $this->api->setRequestData($data, Endpoint::TYPE_POST);
verify($response->status)->equals(APIResponse::STATUS_BAD_REQUEST);
}
public function testItAcceptsAndProcessesAPIVersion() { public function testItAcceptsAndProcessesAPIVersion() {
$namespace = [ $namespace = [
'name' => 'MailPoet\API\JSON\v2', 'name' => 'MailPoet\API\JSON\v2',