From 23af4010824a4311d1272c2c01416b3f1224b89a Mon Sep 17 00:00:00 2001 From: xiaochong0302 Date: Tue, 8 Sep 2020 20:11:51 +0800 Subject: [PATCH] =?UTF-8?q?=E5=90=88=E5=B9=B6demo=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/Http/Desktop/Views/search/user.volt | 2 +- app/Library/Paginator/Query.php | 27 +++++++++++++++++-------- app/Validators/Category.php | 2 +- app/Validators/Nav.php | 12 +++++------ app/Validators/Order.php | 2 +- 5 files changed, 28 insertions(+), 17 deletions(-) diff --git a/app/Http/Desktop/Views/search/user.volt b/app/Http/Desktop/Views/search/user.volt index d31265c2..6de1ec3e 100644 --- a/app/Http/Desktop/Views/search/user.volt +++ b/app/Http/Desktop/Views/search/user.volt @@ -26,7 +26,7 @@
{{ item.about }}
性别:{{ gender_info(item.gender) }} - 地区:{{ item.location }} + 地区:{{ item.area }}
diff --git a/app/Library/Paginator/Query.php b/app/Library/Paginator/Query.php index da05ed7a..6b00c357 100644 --- a/app/Library/Paginator/Query.php +++ b/app/Library/Paginator/Query.php @@ -3,6 +3,7 @@ namespace App\Library\Paginator; use Phalcon\Di; +use Phalcon\Filter; use Phalcon\Http\Request; class Query @@ -13,42 +14,52 @@ class Query */ protected $request; + /** + * @var Filter + */ + protected $filter; + public function __construct() { $this->request = Di::getDefault()->get('request'); + + $this->filter = Di::getDefault()->get('filter'); } public function getPage() { - $page = $this->request->get('page', 'int', 1); + $page = $this->request->getQuery('page', ['trim', 'int'], 1); - return $page > 1000 ? 1000 : $page; + return $page > 100 ? 100 : $page; } public function getLimit() { - $limit = $this->request->get('limit', 'int', 12); + $limit = $this->request->getQuery('limit', ['trim', 'int'], 12); return $limit > 100 ? 100 : $limit; } public function getSort() { - return $this->request->get('sort', 'trim', ''); + return $this->request->getQuery('sort', ['trim', 'string'], ''); } public function getBaseUrl() { - return $this->request->get('_url', 'trim', ''); + return $this->request->getQuery('_url', ['trim', 'string'], ''); } - public function getParams() + public function getParams(array $whitelist = []) { - $params = $this->request->get(); + $params = $this->request->getQuery(); if ($params) { foreach ($params as $key => $value) { - if (strlen($value) == 0) { + $value = $this->filter->sanitize($value, ['trim', 'string']); + if ($whitelist && !in_array($value, $whitelist)) { + unset($params[$key]); + } elseif (strlen($value) == 0) { unset($params[$key]); } } diff --git a/app/Validators/Category.php b/app/Validators/Category.php index c60ba738..ead79b30 100644 --- a/app/Validators/Category.php +++ b/app/Validators/Category.php 
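Review bot: In getParams() the whitelist test runs `in_array($value, $whitelist)` on the parameter's value rather than on `$key`, so a whitelist that is presumably meant to list allowed parameter names instead drops every parameter whose value is not in the list. The sanitized `$value` is only a loop-local copy and is never written back to `$params[$key]`, so the array still holds the raw query strings. A nested parameter such as `a[]=1` arrives as an array and would reach `strlen()`, producing a warning or a TypeError depending on the PHP version. The loop below checks the key with a strict comparison, drops non-scalar values and stores the sanitized string; getParams() continues past the end of the hunk, so how `$params` is used afterwards is not visible here. getPage() and getLimit() also clamp only the upper bound, so zero or negative values pass through unless a caller normalises them.

```php
// … unchanged: $params = $this->request->getQuery(); if ($params) { …
foreach ($params as $key => $value) {
    // The whitelist names allowed parameters; nested (array) values are dropped.
    if (!is_scalar($value) || ($whitelist && !in_array($key, $whitelist, true))) {
        unset($params[$key]);
        continue;
    }
    $value = $this->filter->sanitize($value, ['trim', 'string']);
    if (strlen($value) == 0) {
        unset($params[$key]);
    } else {
        // Keep the sanitized form, not the raw query string.
        $params[$key] = $value;
    }
}
```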
@@ -72,7 +72,7 @@ class Category extends Validator { $list = CategoryModel::types(); - if (!isset($list[$type])) { + if (!array_key_exists($type, $list)) { throw new BadRequestException('category.invalid_type'); } diff --git a/app/Validators/Nav.php b/app/Validators/Nav.php index 1dba8b4e..763cf091 100644 --- a/app/Validators/Nav.php +++ b/app/Validators/Nav.php @@ -69,11 +69,11 @@ class Nav extends Validator { $value = $this->filter->sanitize($url, ['trim']); - $stageA = Text::startsWith($value, '/'); - $stageB = Text::startsWith($value, '#'); - $stageC = CommonValidator::url($value); + $case1 = Text::startsWith($value, '/'); + $case2 = Text::startsWith($value, '#'); + $case3 = CommonValidator::url($value); - if (!$stageA && !$stageB && !$stageC) { + if (!$case1 && !$case2 && !$case3) { throw new BadRequestException('nav.invalid_url'); } @@ -84,7 +84,7 @@ class Nav extends Validator { $list = NavModel::targetTypes(); - if (!isset($list[$target])) { + if (!array_key_exists($target, $list)) { throw new BadRequestException('nav.invalid_target'); } @@ -95,7 +95,7 @@ class Nav extends Validator { $list = NavModel::posTypes(); - if (!isset($list[$position])) { + if (!array_key_exists($position, $list)) { throw new BadRequestException('nav.invalid_position'); } diff --git a/app/Validators/Order.php b/app/Validators/Order.php index 638d2cd1..cdf4f45c 100644 --- a/app/Validators/Order.php +++ b/app/Validators/Order.php @@ -49,7 +49,7 @@ class Order extends Validator { $list = OrderModel::itemTypes(); - if (!isset($list[$itemType])) { + if (!array_key_exists($itemType, $list)) { throw new BadRequestException('order.invalid_item_type'); }