diff --git a/app/Http/Desktop/Views/search/user.volt b/app/Http/Desktop/Views/search/user.volt
index d31265c2..6de1ec3e 100644
--- a/app/Http/Desktop/Views/search/user.volt
+++ b/app/Http/Desktop/Views/search/user.volt
@@ -26,7 +26,7 @@
{{ item.about }}
性别:{{ gender_info(item.gender) }}
- 地区:{{ item.location }}
+ 地区:{{ item.area }}
diff --git a/app/Library/Paginator/Query.php b/app/Library/Paginator/Query.php
index da05ed7a..6b00c357 100644
--- a/app/Library/Paginator/Query.php
+++ b/app/Library/Paginator/Query.php
@@ -3,6 +3,7 @@
namespace App\Library\Paginator;
use Phalcon\Di;
+use Phalcon\Filter;
use Phalcon\Http\Request;
class Query
@@ -13,42 +14,52 @@ class Query
*/
protected $request;
+ /**
+ * @var Filter
+ */
+ protected $filter;
+
public function __construct()
{
$this->request = Di::getDefault()->get('request');
+
+ $this->filter = Di::getDefault()->get('filter');
}
public function getPage()
{
- $page = $this->request->get('page', 'int', 1);
+ $page = $this->request->getQuery('page', ['trim', 'int'], 1);
- return $page > 1000 ? 1000 : $page;
+ return $page > 100 ? 100 : $page;
}
public function getLimit()
{
- $limit = $this->request->get('limit', 'int', 12);
+ $limit = $this->request->getQuery('limit', ['trim', 'int'], 12);
return $limit > 100 ? 100 : $limit;
}
public function getSort()
{
- return $this->request->get('sort', 'trim', '');
+ return $this->request->getQuery('sort', ['trim', 'string'], '');
}
public function getBaseUrl()
{
- return $this->request->get('_url', 'trim', '');
+ return $this->request->getQuery('_url', ['trim', 'string'], '');
}
- public function getParams()
+ public function getParams(array $whitelist = [])
{
- $params = $this->request->get();
+ $params = $this->request->getQuery();
if ($params) {
foreach ($params as $key => $value) {
- if (strlen($value) == 0) {
+ $value = $this->filter->sanitize($value, ['trim', 'string']);
+ if ($whitelist && !in_array($value, $whitelist)) {
+ unset($params[$key]);
+ } elseif (strlen($value) == 0) {
unset($params[$key]);
}
}
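Review bot: The whitelist test on the `in_array` line compares the parameter's value rather than its key, although the surrounding `unset($params[$key])` and the parameter name suggest a whitelist of allowed query-parameter names; as written, with such a list every parameter whose value is not itself a listed name is dropped, while a parameter under an unlisted key survives whenever its value happens to equal a listed name. The comparison is also loose, so I'd change the line to `if ($whitelist && !in_array($key, $whitelist, true)) {`. The sanitized `$value` is never written back either, so after the loop `$params` still holds the raw query values and the sanitization only affects the length check; `$params[$key] = $value;` right after the sanitize line would make the cleaned form what callers receive, if that is the intent. getPage and getLimit clamp only the upper bound, so a zero or negative `page` or `limit` passes through unchanged. getParams's body continues past the end of the hunk.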
diff --git a/app/Validators/Category.php b/app/Validators/Category.php
index c60ba738..ead79b30 100644
--- a/app/Validators/Category.php
+++ b/app/Validators/Category.php
@@ -72,7 +72,7 @@ class Category extends Validator
{
$list = CategoryModel::types();
- if (!isset($list[$type])) {
+ if (!array_key_exists($type, $list)) {
throw new BadRequestException('category.invalid_type');
}
diff --git a/app/Validators/Nav.php b/app/Validators/Nav.php
index 1dba8b4e..763cf091 100644
--- a/app/Validators/Nav.php
+++ b/app/Validators/Nav.php
@@ -69,11 +69,11 @@ class Nav extends Validator
{
$value = $this->filter->sanitize($url, ['trim']);
- $stageA = Text::startsWith($value, '/');
- $stageB = Text::startsWith($value, '#');
- $stageC = CommonValidator::url($value);
+ $case1 = Text::startsWith($value, '/');
+ $case2 = Text::startsWith($value, '#');
+ $case3 = CommonValidator::url($value);
- if (!$stageA && !$stageB && !$stageC) {
+ if (!$case1 && !$case2 && !$case3) {
throw new BadRequestException('nav.invalid_url');
}
@@ -84,7 +84,7 @@ class Nav extends Validator
{
$list = NavModel::targetTypes();
- if (!isset($list[$target])) {
+ if (!array_key_exists($target, $list)) {
throw new BadRequestException('nav.invalid_target');
}
@@ -95,7 +95,7 @@ class Nav extends Validator
{
$list = NavModel::posTypes();
- if (!isset($list[$position])) {
+ if (!array_key_exists($position, $list)) {
throw new BadRequestException('nav.invalid_position');
}
diff --git a/app/Validators/Order.php b/app/Validators/Order.php
index 638d2cd1..cdf4f45c 100644
--- a/app/Validators/Order.php
+++ b/app/Validators/Order.php
@@ -49,7 +49,7 @@ class Order extends Validator
{
$list = OrderModel::itemTypes();
- if (!isset($list[$itemType])) {
+ if (!array_key_exists($itemType, $list)) {
throw new BadRequestException('order.invalid_item_type');
}