From: Tim Düsterhus Date: Wed, 1 Jun 2022 08:30:55 +0000 (+0200) Subject: Reject empty `controller` in ControllerMap::resolveCustomController() X-Git-Tag: 6.0.0_Alpha_1~1224^2~4 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4a40217a1e5bfe9a2f7d9f4b7c485add6baa7213;p=GitHub%2FWoltLab%2FWCF.git Reject empty `controller` in ControllerMap::resolveCustomController() Based on the current callers of this method it is impossible that an empty string is passed in: - In LookupRequestRoute the matched controller will always contain a non-slash character, unless the URL itself only consists of slashes, which is rejected early. - In ControllerMap::lookupDefaultController() the method will only be called if the `routePart` of the landing page matches `__WCF_CMS__` which is only the case if the page does not have an controller assigned. In that case the invariant that a custom URL must be configured holds and `->lookupCmsPage()` will not return an empty controller value. --- diff --git a/wcfsetup/install/files/lib/system/request/ControllerMap.class.php b/wcfsetup/install/files/lib/system/request/ControllerMap.class.php index d76adf3109..56bf21d2dd 100644 --- a/wcfsetup/install/files/lib/system/request/ControllerMap.class.php +++ b/wcfsetup/install/files/lib/system/request/ControllerMap.class.php @@ -141,6 +141,10 @@ class ControllerMap extends SingletonFactory */ public function resolveCustomController($application, $controller) { + if ($controller === '') { + throw new \InvalidArgumentException('The given controller must not be empty.'); + } + if (isset($this->applicationOverrides['lookup'][$application][$controller])) { $application = $this->applicationOverrides['lookup'][$application][$controller]; }