diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index b26f1cac0a..051a2af275 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -21,6 +21,7 @@ Yii Framework 2 Change Log - Bug #13592: Fixes Oracle’s `yii\db\oci\Schema::setTransactionIsolationLevel()` (sergeymakinen) - Bug #13594: Fixes insufficient quoting in `yii\db\QueryBuilder::prepareInsertSelectSubQuery()` (sergeymakinen) - Enh #13576: Added support of `srcset` to `yii\helpers\Html::img()` (Kolyunya) +- Enh #8641: Enhanced `yii\console\Request::resolve()` to prevent passing parameters, that begin from digits (silverfire) - Enh #13467: `yii\data\ActiveDataProvider` no longer queries models if models count is zero (kLkA, Kolyunya) - Enh #13582: Added tests for all `yii\db\QueryBuilder::resetSequence` implementations, fixed SQLite implementation (boboldehampsink) diff --git a/framework/console/Request.php b/framework/console/Request.php index 7b667be64d..637e3b348a 100644 --- a/framework/console/Request.php +++ b/framework/console/Request.php @@ -7,6 +7,8 @@ namespace yii\console; +use yii\base\InvalidParamException; + /** * The console Request represents the environment information for a console application. * @@ -53,6 +55,7 @@ class Request extends \yii\base\Request /** * Resolves the current request into a route and the associated parameters. * @return array the first element is the route, and the second is the associated parameters. + * @throws InvalidParamException when parameter is wrong and can not be resolved */ public function resolve() { @@ -77,6 +80,10 @@ class Request extends \yii\base\Request $endOfOptionsFound = true; } elseif (preg_match('/^--(\w+)(?:=(.*))?$/', $param, $matches)) { $name = $matches[1]; + if (is_numeric(substr($name, 0, 1))) { + throw new InvalidParamException('Parameter "' . $name . '" is not valid'); + } + if ($name !== Application::OPTION_APPCONFIG) { $params[$name] = isset($matches[2]) ? $matches[2] : true; } diff --git a/tests/framework/console/RequestTest.php b/tests/framework/console/RequestTest.php index 130de9bf9d..d23186d811 100644 --- a/tests/framework/console/RequestTest.php +++ b/tests/framework/console/RequestTest.php @@ -18,8 +18,8 @@ class RequestTest extends TestCase 'expected' => [ 'route' => 'controller', 'params' => [ - ] - ] + ], + ], ], [ 'params' => [ @@ -29,7 +29,7 @@ class RequestTest extends TestCase '--option1', '--option2=testValue', '-alias1', - '-alias2=testValue' + '-alias2=testValue', ], 'expected' => [ 'route' => 'controller/route', @@ -40,10 +40,10 @@ class RequestTest extends TestCase 'option2' => 'testValue', '_aliases' => [ 'alias1' => true, - 'alias2' => 'testValue' - ] - ] - ] + 'alias2' => 'testValue', + ], + ], + ], ], [ // Case: Special argument "End of Options" used @@ -62,7 +62,7 @@ class RequestTest extends TestCase '--', // Second `--` argument shouldn't be treated as special '--option4=testValue', '-alias3', - '-alias4=testValue' + '-alias4=testValue', ], 'expected' => [ 'route' => 'controller/route', @@ -73,7 +73,7 @@ class RequestTest extends TestCase 'option2' => 'testValue', '_aliases' => [ 'alias1' => true, - 'alias2' => 'testValue' + 'alias2' => 'testValue', ], 'param2', '-54321', @@ -81,9 +81,9 @@ class RequestTest extends TestCase '--', '--option4=testValue', '-alias3', - '-alias4=testValue' - ] - ] + '-alias4=testValue', + ], + ], ], [ // Case: Special argument "End of Options" placed before route @@ -95,7 +95,7 @@ class RequestTest extends TestCase '--option1', '--option2=testValue', '-alias1', - '-alias2=testValue' + '-alias2=testValue', ], 'expected' => [ 'route' => 'controller/route', @@ -105,18 +105,40 @@ class RequestTest extends TestCase '--option1', '--option2=testValue', '-alias1', - '-alias2=testValue' - ] - ] - ] + '-alias2=testValue', + ], + ], + ], + [ + // PHP does not allow variable name, starting with digit. + // InvalidParamException must be thrown during request resolving: + 'params' => [ + 'controller/route', + '--0=test', + '--1=testing', + ], + 'expected' => [ + 'route' => 'controller/route', + 'params' => [ + ], + ], + 'exception' => [ + '\yii\base\InvalidParamException', + 'Parameter "0" is not valid' + ], + ], ]; } /** * @dataProvider provider */ - public function testResolve($params, $expected) + public function testResolve($params, $expected, $expectedException = null) { + if (isset($expectedException)) { + $this->setExpectedException($expectedException[0], $expectedException[1]); + } + $request = new Request(); $request->setParams($params);