Added 404 response for non-existing setting categories

- Added test to cover.
2022-03-28 11:16:20 +01:00 · 2022-03-28 11:16:20 +01:00 · 7c12920dc8
commit 7c12920dc8
parent 895f656897
2 changed files with 19 additions and 0 deletions
--- a/app/Http/Controllers/SettingController.php
+++ b/app/Http/Controllers/SettingController.php
@ -11,6 +11,8 @@ class SettingController extends Controller
 {
    protected ImageRepo $imageRepo;

+    protected array $settingCategories = ['features', 'customization', 'registration'];
+
    public function __construct(ImageRepo $imageRepo)
    {
        $this->imageRepo = $imageRepo;
@ -21,6 +23,7 @@ class SettingController extends Controller
     */
    public function index(string $category)
    {
+        $this->ensureCategoryExists($category);
        $this->checkPermission('settings-manage');
        $this->setPageTitle(trans('settings.settings'));

@ -39,6 +42,7 @@ class SettingController extends Controller
     */
    public function update(Request $request, string $category)
    {
+        $this->ensureCategoryExists($category);
        $this->preventAccessInDemoMode();
        $this->checkPermission('settings-manage');
        $this->validate($request, [
@ -73,4 +77,11 @@ class SettingController extends Controller

        return redirect("/settings/${category}");
    }
+
+    protected function ensureCategoryExists(string $category): void
+    {
+        if (!in_array($category, $this->settingCategories)) {
+            abort(404);
+        }
+    }
 }
--- a/tests/Settings/SettingsTest.php
+++ b/tests/Settings/SettingsTest.php
@ -28,4 +28,12 @@ class SettingsTest extends TestCase
            $resp->assertElementExists("form[action$=\"/settings/{$category}\"]");
        }
    }
+
+    public function test_not_found_setting_category_throws_404()
+    {
+        $resp = $this->asAdmin()->get('/settings/biscuits');
+
+        $resp->assertStatus(404);
+        $resp->assertSee('Page Not Found');
+    }
 }