[Catalyst-commits] r9517 - in Catalyst-Controller-DBIC-API/1.001/trunk: lib/Catalyst/Controller/DBIC/API t/rpc t/var

lukes at dev.catalyst.perl.org lukes at dev.catalyst.perl.org
Wed Mar 18 12:53:51 GMT 2009


Author: lukes
Date: 2009-03-18 12:53:51 +0000 (Wed, 18 Mar 2009)
New Revision: 9517

Modified:
   Catalyst-Controller-DBIC-API/1.001/trunk/lib/Catalyst/Controller/DBIC/API/Base.pm
   Catalyst-Controller-DBIC-API/1.001/trunk/t/rpc/list.t
   Catalyst-Controller-DBIC-API/1.001/trunk/t/var/DBIxClass.db
Log:
readded numeric validation for list_count and list_page

Modified: Catalyst-Controller-DBIC-API/1.001/trunk/lib/Catalyst/Controller/DBIC/API/Base.pm
===================================================================
--- Catalyst-Controller-DBIC-API/1.001/trunk/lib/Catalyst/Controller/DBIC/API/Base.pm	2009-03-18 12:24:48 UTC (rev 9516)
+++ Catalyst-Controller-DBIC-API/1.001/trunk/lib/Catalyst/Controller/DBIC/API/Base.pm	2009-03-18 12:53:51 UTC (rev 9517)
@@ -37,6 +37,7 @@
   my ($self, $c) = @_;
 
   my ($params, $args) = @{$c->forward('generate_dbic_search_args')};
+	return if $self->get_errors($c);
 
   $c->stash->{$self->rs_stash_key} = $c->stash->{$self->rs_stash_key}->search($params, $args);
   $c->forward('format_list');
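Review bot: The added `return if $self->get_errors($c);` is indented with a tab while the surrounding lines use two spaces, and the ten lines added in the second hunk of Base.pm have the same problem; re-indenting them keeps the file consistent. The early return would also benefit from a short comment such as `# stop before search() if generate_dbic_search_args recorded validation errors`. The enclosing sub starts and ends outside the hunk, so how the recorded errors become the HTTP response is not visible here.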
@@ -71,6 +72,16 @@
   $args->{order_by} = $req_params->{list_ordered_by} || ((scalar(@{$self->list_ordered_by})) ? $self->list_ordered_by : undef);
   $args->{rows} = $req_params->{list_count} || $self->list_count;
   $args->{page} = $req_params->{list_page};
+	if ($args->{page}) {
+		unless ($args->{page} =~ /^\d+$/xms) {
+			$self->push_error($c, { message => "list_page must be numeric" });
+		}
+	}
+	if ($args->{rows}) {
+		unless ($args->{rows} =~ /^\d+$/xms) {
+			$self->push_error($c, { message => "list_count must be numeric" });
+		}
+	}
   if ($args->{page} && !$args->{rows}) {
     $self->push_error($c, { message => "list_page can only be used with list_count" });
   }
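Review bot: The two new checks use `/^\d+$/xms`, and with the `m` flag `^` and `$` anchor at any line boundary, so a request value containing a newline passes as long as one of its lines is all digits; the non-numeric remainder still ends up in `$args->{page}` or `$args->{rows}`. Anchor on the whole string instead: `unless ($args->{page} =~ /\A[0-9]+\z/)`, and the same for `$args->{rows}`; `[0-9]` also keeps `\d` from accepting non-ASCII digits on decoded input. Separately, `list_ordered_by` on the first context line is copied from the request into `order_by` with no comparable check visible in this hunk, so it is worth confirming that it is restricted to known columns elsewhere. The enclosing sub begins and ends outside the hunk.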

Modified: Catalyst-Controller-DBIC-API/1.001/trunk/t/rpc/list.t
===================================================================
--- Catalyst-Controller-DBIC-API/1.001/trunk/t/rpc/list.t	2009-03-18 12:24:48 UTC (rev 9516)
+++ Catalyst-Controller-DBIC-API/1.001/trunk/t/rpc/list.t	2009-03-18 12:53:51 UTC (rev 9517)
@@ -139,6 +139,26 @@
 
 {
   my $uri = URI->new( $track_list_url );
+  $uri->query_form({ 'list_ordered_by' => 'cd', 'list_count' => 2, 'list_page' => 'fgdg' });
+  my $req = GET( $uri, 'Accept' => 'text/x-json' );
+  $mech->request($req);
+  cmp_ok( $mech->status, '==', 400, 'non numeric list_page request not okay' );
+  my $response = JSON::Syck::Load( $mech->content);
+  is_deeply({ success => 'false', messages => ["list_page must be numeric"]}, $response, 'correct data returned' );
+}
+
+{
+  my $uri = URI->new( $track_list_url );
+  $uri->query_form({ 'list_ordered_by' => 'cd', 'list_count' => 'sdsdf', 'list_page' => 2 });
+  my $req = GET( $uri, 'Accept' => 'text/x-json' );
+  $mech->request($req);
+  cmp_ok( $mech->status, '==', 400, 'non numeric list_count request not okay' );
+  my $response = JSON::Syck::Load( $mech->content);
+  is_deeply({ success => 'false', messages => ["list_count must be numeric"]}, $response, 'correct data returned' );
+}
+
+{
+  my $uri = URI->new( $track_list_url );
   $uri->query_form({ 'list_ordered_by' => 'cd', 'list_count' => 2, 'list_page' => 2 });
   my $req = GET( $uri, 'Accept' => 'text/x-json' );
   $mech->request($req);
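Review bot: Both new cases send a purely alphabetic value, so they would still pass if the validator only matched part of the string; a case with a mixed or multi-line value, e.g. `'list_page' => "2\nfgdg"` expecting the same 400 and message, pins the whole-string requirement. The `is_deeply` calls also pass the expected structure first and `$response` second, which swaps got and expected in failure diagnostics; `is_deeply($response, { success => 'false', messages => [...] }, ...)` reports them the right way round. The last block in this hunk continues past its end.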

Modified: Catalyst-Controller-DBIC-API/1.001/trunk/t/var/DBIxClass.db
===================================================================
(Binary files differ)



