minor #1386 Limit page size to prevent integer overflow (Tobion)
This PR was merged into the main branch.

Discussion
----------

Limit page size to prevent integer overflow

The $param is typed int. So if the routing param does not fit into an int, PHP will throw a TypeError. This in turn would trigger a 500 internal server error. So by requesting a too big page, e.g. `/de/blog/page/147483647147483647147483647`, one can trigger internal errors which should not be possible.

I don't think there is an easy solution to this general problem that Symfony could automatically provide. So the best solution seems to be to limit the size of the routing placeholder. With this limit the page will always fit into an int even on a 32-bit platform.

Commits
-------

8e14d5c Limit page size to prevent int overflow
javiereguiluz committed Dec 30, 2022
2 parents a126a9b + 8e14d5c commit 1391d41
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/Controller/BlogController.php
Expand Up @@ -46,7 +46,7 @@ class BlogController extends AbstractController
*/
#[Route('/', defaults: ['page' => '1', '_format' => 'html'], methods: ['GET'], name: 'blog_index')]
#[Route('/rss.xml', defaults: ['page' => '1', '_format' => 'xml'], methods: ['GET'], name: 'blog_rss')]
#[Route('/page/{page<[1-9]\d*>}', defaults: ['_format' => 'html'], methods: ['GET'], name: 'blog_index_paginated')]
#[Route('/page/{page<[1-9]\d{0,8}>}', defaults: ['_format' => 'html'], methods: ['GET'], name: 'blog_index_paginated')]
#[Cache(smaxage: 10)]
public function index(Request $request, int $page, string $_format, PostRepository $posts, TagRepository $tags): Response
{
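Review bot: The `\d{0,8}` quantifier in the new `blog_index_paginated` requirement is an unexplained magic number: nothing at the route says that it caps `page` at nine digits (999999999) so that the value fits the `int $page` argument even where int is 32 bits (max 2147483647). A one-line comment above the attribute stating that reason would keep a later edit from relaxing it back to `\d*`. The commit also changes only this file, so no test pins the behaviour; a functional test asserting that a request like `/de/blog/page/147483647147483647147483647` returns 404 rather than 500 would guard against regression.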