secure access to body params

Julián Gutiérrez 2016-02-12 13:56:14 +01:00
parent 95919a688e
commit d2760e4ec7


@ -249,13 +249,15 @@ abstract class AbstractGrant implements GrantTypeInterface
*/ */
protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null) protected function getRequestParameter($parameter, ServerRequestInterface $request, $default = null)
{ {
return (isset($request->getParsedBody()[$parameter])) ? $request->getParsedBody()[$parameter] : $default; return (is_array($request->getParsedBody()) && isset($request->getParsedBody()[$parameter]))
? $request->getParsedBody()[$parameter]
: $default;
} }
/** /**
* Retrieve server parameter. * Retrieve server parameter.
* *
* @param string|array $parameter * @param string $parameter
* @param \Psr\Http\Message\ServerRequestInterface $request * @param \Psr\Http\Message\ServerRequestInterface $request
* @param mixed $default * @param mixed $default
* *
@ -314,7 +316,8 @@ abstract class AbstractGrant implements GrantTypeInterface
public function canRespondToRequest(ServerRequestInterface $request) public function canRespondToRequest(ServerRequestInterface $request)
{ {
return ( return (
isset($request->getParsedBody()['grant_type']) is_array($request->getParsedBody())
&& isset($request->getParsedBody()['grant_type'])
&& $request->getParsedBody()['grant_type'] === $this->identifier && $request->getParsedBody()['grant_type'] === $this->identifier
); );
} }
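Review bot: The `is_array()` guard added to `getRequestParameter()` and `canRespondToRequest()` treats an object parsed body the same as an absent one, although PSR-7 lets `getParsedBody()` return null, an array or an object. A request whose body was decoded into an object therefore falls back to `$default` (or fails the grant-type match) with no indication why, which deserves a docblock line such as `Only array parsed bodies are read; object or null bodies yield $default.` The value returned is also not type-checked, so a form-encoded `name[]=` key would hand an array to callers that presumably expect a string; those callers are outside the hunk, so confirm they validate it. Reading the body once would also shorten both methods: `$body = $request->getParsedBody();` followed by `return (is_array($body) && isset($body[$parameter])) ? $body[$parameter] : $default;`.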