diff --git a/src/Controller/Admin/BlogController.php b/src/Controller/Admin/BlogController.php index faaaab1eb..020a3a2f6 100644 --- a/src/Controller/Admin/BlogController.php +++ b/src/Controller/Admin/BlogController.php @@ -23,6 +23,7 @@ use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Attribute\Route; +use Symfony\Component\Routing\Requirement\Requirement; use Symfony\Component\Security\Http\Attribute\CurrentUser; use Symfony\Component\Security\Http\Attribute\IsGranted; @@ -118,7 +119,7 @@ public function new( /** * Finds and displays a Post entity. */ - #[Route('/{id<\d+>}', name: 'admin_post_show', methods: ['GET'])] + #[Route('/{id}', name: 'admin_post_show', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['GET'])] public function show(Post $post): Response { // This security check can also be performed @@ -133,7 +134,7 @@ public function show(Post $post): Response /** * Displays a form to edit an existing Post entity. */ - #[Route('/{id<\d+>}/edit', name: 'admin_post_edit', methods: ['GET', 'POST'])] + #[Route('/{id}/edit', name: 'admin_post_edit', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['GET', 'POST'])] #[IsGranted('edit', subject: 'post', message: 'Posts can only be edited by their authors.')] public function edit(Request $request, Post $post, EntityManagerInterface $entityManager): Response { @@ -156,7 +157,7 @@ public function edit(Request $request, Post $post, EntityManagerInterface $entit /** * Deletes a Post entity. */ - #[Route('/{id}/delete', name: 'admin_post_delete', methods: ['POST'])] + #[Route('/{id}/delete', name: 'admin_post_delete', requirements: ['id' => Requirement::POSITIVE_INT], methods: ['POST'])] #[IsGranted('delete', subject: 'post')] public function delete(Request $request, Post $post, EntityManagerInterface $entityManager): Response { diff --git a/src/Controller/BlogController.php b/src/Controller/BlogController.php index 612e47147..4b3d99147 100644 --- a/src/Controller/BlogController.php +++ b/src/Controller/BlogController.php @@ -26,6 +26,7 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpKernel\Attribute\Cache; use Symfony\Component\Routing\Attribute\Route; +use Symfony\Component\Routing\Requirement\Requirement; use Symfony\Component\Security\Http\Attribute\CurrentUser; use Symfony\Component\Security\Http\Attribute\IsGranted; @@ -46,7 +47,7 @@ final class BlogController extends AbstractController */ #[Route('/', name: 'blog_index', defaults: ['page' => '1', '_format' => 'html'], methods: ['GET'])] #[Route('/rss.xml', name: 'blog_rss', defaults: ['page' => '1', '_format' => 'xml'], methods: ['GET'])] - #[Route('/page/{page<[1-9]\d{0,8}>}', name: 'blog_index_paginated', defaults: ['_format' => 'html'], methods: ['GET'])] + #[Route('/page/{page}', name: 'blog_index_paginated', defaults: ['_format' => 'html'], requirements: ['page' => Requirement::POSITIVE_INT], methods: ['GET'])] #[Cache(smaxage: 10)] public function index(Request $request, int $page, string $_format, PostRepository $posts, TagRepository $tags): Response { @@ -74,7 +75,7 @@ public function index(Request $request, int $page, string $_format, PostReposito * * See https://symfony.com/doc/current/doctrine.html#automatically-fetching-objects-entityvalueresolver */ - #[Route('/posts/{slug}', name: 'blog_post', methods: ['GET'])] + #[Route('/posts/{slug}', name: 'blog_post', requirements: ['slug' => Requirement::ASCII_SLUG], methods: ['GET'])] public function postShow(Post $post): Response { // Symfony's 'dump()' function is an improved version of PHP's 'var_dump()' but @@ -100,7 +101,7 @@ public function postShow(Post $post): Response * * See https://symfony.com/doc/current/doctrine.html#doctrine-entity-value-resolver */ - #[Route('/comment/{postSlug}/new', name: 'comment_new', methods: ['POST'])] + #[Route('/comment/{postSlug}/new', name: 'comment_new', requirements: ['postSlug' => Requirement::ASCII_SLUG], methods: ['POST'])] #[IsGranted('IS_AUTHENTICATED')] public function commentNew( #[CurrentUser] User $user,