feature #1472 Improve routes requirements (HeahDude)

javiereguiluz · javiereguiluz · commit 860b954b38eb · 2024-02-05T16:58:22.000+01:00
This PR was merged into the main branch. Discussion ---------- Improve routes requirements Commits ------- c5d6dca Improve routes requirements
diff --git a/src/Controller/Admin/BlogController.php b/src/Controller/Admin/BlogController.php
@@ -23,6 +23,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Routing\Requirement\Requirement;
 use Symfony\Component\Security\Http\Attribute\CurrentUser;
 use Symfony\Component\Security\Http\Attribute\IsGranted;
 
@@ -118,7 +119,7 @@ public function new(
     /**
      * Finds and displays a Post entity.
      */
-    #[Route('/{id<\d+>}', name: 'admin_post_show', methods: ['GET'])]
+    #[Route('/{id}', name: 'admin_post_show', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['GET'])]
     public function show(Post $post): Response
     {
         // This security check can also be performed
@@ -133,7 +134,7 @@ public function show(Post $post): Response
     /**
      * Displays a form to edit an existing Post entity.
      */
-    #[Route('/{id<\d+>}/edit', name: 'admin_post_edit', methods: ['GET', 'POST'])]
+    #[Route('/{id}/edit', name: 'admin_post_edit', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['GET', 'POST'])]
     #[IsGranted('edit', subject: 'post', message: 'Posts can only be edited by their authors.')]
     public function edit(Request $request, Post $post, EntityManagerInterface $entityManager): Response
     {
@@ -156,7 +157,7 @@ public function edit(Request $request, Post $post, EntityManagerInterface $entit
     /**
      * Deletes a Post entity.
      */
-    #[Route('/{id}/delete', name: 'admin_post_delete', methods: ['POST'])]
+    #[Route('/{id}/delete', name: 'admin_post_delete', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['POST'])]
     #[IsGranted('delete', subject: 'post')]
     public function delete(Request $request, Post $post, EntityManagerInterface $entityManager): Response
     {
diff --git a/src/Controller/BlogController.php b/src/Controller/BlogController.php
@@ -26,6 +26,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Attribute\Cache;
 use Symfony\Component\Routing\Attribute\Route;
+use Symfony\Component\Routing\Requirement\Requirement;
 use Symfony\Component\Security\Http\Attribute\CurrentUser;
 use Symfony\Component\Security\Http\Attribute\IsGranted;
 
@@ -46,7 +47,7 @@ final class BlogController extends AbstractController
      */
     #[Route('/', name: 'blog_index', defaults: ['page' => '1', '_format' => 'html'], methods: ['GET'])]
     #[Route('/rss.xml', name: 'blog_rss', defaults: ['page' => '1', '_format' => 'xml'], methods: ['GET'])]
-    #[Route('/page/{page<[1-9]\d{0,8}>}', name: 'blog_index_paginated', defaults: ['_format' => 'html'], methods: ['GET'])]
+    #[Route('/page/{page}', name: 'blog_index_paginated', defaults: ['_format' => 'html'], requirements: ['page' => Requirement::POSITIVE_INT], methods: ['GET'])]
     #[Cache(smaxage: 10)]
     public function index(Request $request, int $page, string $_format, PostRepository $posts, TagRepository $tags): Response
     {
@@ -74,7 +75,7 @@ public function index(Request $request, int $page, string $_format, PostReposito
      *
      * See https://symfony.com/doc/current/doctrine.html#automatically-fetching-objects-entityvalueresolver
      */
-    #[Route('/posts/{slug}', name: 'blog_post', methods: ['GET'])]
+    #[Route('/posts/{slug}', name: 'blog_post', requirements: ['slug' => Requirement::ASCII_SLUG], methods: ['GET'])]
     public function postShow(Post $post): Response
     {
         // Symfony's 'dump()' function is an improved version of PHP's 'var_dump()' but
@@ -100,7 +101,7 @@ public function postShow(Post $post): Response
      *
      * See https://symfony.com/doc/current/doctrine.html#doctrine-entity-value-resolver
      */
-    #[Route('/comment/{postSlug}/new', name: 'comment_new', methods: ['POST'])]
+    #[Route('/comment/{postSlug}/new', name: 'comment_new', requirements: ['postSlug' => Requirement::ASCII_SLUG], methods: ['POST'])]
     #[IsGranted('IS_AUTHENTICATED')]
     public function commentNew(
         #[CurrentUser] User $user,
