Diffstat (limited to 'middlewares/SecurityMiddleware.php')
-rw-r--r--middlewares/SecurityMiddleware.php21
1 files changed, 21 insertions, 0 deletions
diff --git a/middlewares/SecurityMiddleware.php b/middlewares/SecurityMiddleware.php
new file mode 100644
index 00000000..b07a8144
--- /dev/null
+++ b/middlewares/SecurityMiddleware.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Make sure that only strings are allowed in GET parameters
+ */
+class SecurityMiddleware implements Middleware
+{
+ public function __invoke(Request $request, $next): Response
+ {
+ foreach ($request->toArray() as $key => $value) {
+ if (!is_string($value)) {
+ return new Response(render(__DIR__ . '/../templates/error.html.php', [
+ 'message' => "Query parameter \"$key\" is not a string.",
+ ]), 400);
+ }
+ }
+ return $next($request);
+ }
+}
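Review bot: The `'message'` line interpolates `$key`, a client-chosen parameter name, into text that `render()` passes to `templates/error.html.php`. The template's escaping is not visible in this hunk, so unless it HTML-encodes `message` on output, the 400 page reflects request input unescaped. If the template does not encode, either drop the name from the message or encode it where the message is built, e.g. `'message' => 'Query parameter "' . htmlspecialchars((string) $key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '" is not a string.',`. Encode in only one place to avoid double-escaping. Separately, the docblock says GET parameters, but the loop checks whatever `$request->toArray()` returns; if that can include body fields, the docblock should say so, e.g. `Reject any request parameter returned by Request::toArray() that is not a string (e.g. ?id[]=1)`.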