Fix fatal error when providing invalid type in fields and include que…

…ry parameters
woohoolabs · Feb 6, 2018 · 4ffaccd · 4ffaccd
1 parent ec09233
commit 4ffaccd
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,11 +8,17 @@ REMOVED:
 
 FIXED:
 
+## 2.0.6 - unreleased
+
+FIXED:
+
+- [#69](https://github.com/woohoolabs/yin/pull/69): Fatal error when providing invalid types in `fields`, `include` and `sort` query parameters
+
 ## 2.0.5 - 2018-01-31
 
 FIXED:
 
-- [#68](https://github.com/woohoolabs/yin/pull/68): Fix fatal error when resource ID is not string
+- [#68](https://github.com/woohoolabs/yin/pull/68): Fatal error when resource ID is not string
 
 ## 2.0.4 - 2017-09-13
 

diff --git a/src/JsonApi/Exception/QueryParamMalformed.php b/src/JsonApi/Exception/QueryParamMalformed.php
@@ -19,8 +19,6 @@ class QueryParamMalformed extends JsonApiException
     protected $malformedQueryParamValue;
 
     /**
-     * QueryParamMalformed constructor.
-     * @param string $malformedQueryParam
      * @param mixed $malformedQueryParamValue
      */
     public function __construct(string $malformedQueryParam, $malformedQueryParamValue)

diff --git a/src/JsonApi/Request/Request.php b/src/JsonApi/Request/Request.php
@@ -140,13 +140,15 @@ protected function setIncludedFields()
         $this->includedFields = [];
         $fields = $this->getQueryParam("fields", []);
         if (is_array($fields) === false) {
-            return;
+            throw $this->exceptionFactory->createQueryParamMalformedException($this, "fields", $fields);
         }
 
         foreach ($fields as $resourceType => $resourceFields) {
-            if (is_string($resourceFields)) {
-                $this->includedFields[$resourceType] = array_flip(explode(",", $resourceFields));
+            if (is_string($resourceFields) === false) {
+                throw $this->exceptionFactory->createQueryParamMalformedException($this, "fields", $fields);
             }
+
+            $this->includedFields[$resourceType] = array_flip(explode(",", $resourceFields));
         }
     }
 
@@ -187,6 +189,11 @@ protected function setIncludedRelationships()
         $this->includedRelationships = [];
 
         $includeQueryParam = $this->getQueryParam("include", "");
+
+        if (is_string($includeQueryParam) === false) {
+            throw $this->exceptionFactory->createQueryParamMalformedException($this, "include", $includeQueryParam);
+        }
+
         if ($includeQueryParam === "") {
             return;
         }
@@ -235,9 +242,9 @@ public function getIncludedRelationships(string $baseRelationshipPath): array
 
         if (isset($this->includedRelationships[$baseRelationshipPath])) {
             return array_values($this->includedRelationships[$baseRelationshipPath]);
-        } else {
-            return [];
         }
+
+        return [];
     }
 
     /**
@@ -279,9 +286,10 @@ public function getSorting(): array
     protected function setSorting()
     {
         $sortingQueryParam = $this->getQueryParam("sort", "");
-        if (!is_string($sortingQueryParam)) {
+        if (is_string($sortingQueryParam) === false) {
             throw $this->exceptionFactory->createQueryParamMalformedException($this, "sort", $sortingQueryParam);
         }
+
         if ($sortingQueryParam === "") {
             $this->sorting = [];
 

diff --git a/tests/JsonApi/Request/RequestTest.php b/tests/JsonApi/Request/RequestTest.php
@@ -182,6 +182,32 @@ public function getIncludedFieldsForUnspecifiedResource()
         $this->assertEquals([], $request->getIncludedFields($resourceType));
     }
 
+    /**
+     * @test
+     */
+    public function getIncludedFieldWhenMalformed()
+    {
+        $this->expectException(QueryParamMalformed::class);
+
+        $queryParams = ["fields" => ""];
+
+        $request = $this->createRequestWithQueryParams($queryParams);
+        $request->getIncludedFields("");
+    }
+
+    /**
+     * @test
+     */
+    public function getIncludedFieldWhenFieldMalformed()
+    {
+        $this->expectException(QueryParamMalformed::class);
+
+        $queryParams = ["fields" => ["book" => []]];
+
+        $request = $this->createRequestWithQueryParams($queryParams);
+        $request->getIncludedFields("");
+    }
+
     /**
      * @test
      */
@@ -314,6 +340,19 @@ public function getIncludedRelationshipsForMultipleEmbeddedResource()
         $this->assertEquals($includedRelationships, $request->getIncludedRelationships($baseRelationshipPath));
     }
 
+    /**
+     * @test
+     */
+    public function getIncludedRelationshipsWhenMalformed()
+    {
+        $this->expectException(QueryParamMalformed::class);
+
+        $queryParams = ["include" => []];
+
+        $request = $this->createRequestWithQueryParams($queryParams);
+        $request->getIncludedRelationships("");
+    }
+
     /**
      * @test
      */