改进loader类action的参数污染问题

This commit is contained in:
thinkphp
2016-12-24 09:22:05 +08:00
parent d1637a9e51
commit 822359cfbc
2 changed files with 16 additions and 10 deletions

View File

@@ -142,7 +142,7 @@ class App
case 'controller':
// 执行控制器操作
$vars = Request::instance()->param();
$data = Loader::action($dispatch['controller'], array_merge($vars, $dispatch['var']));
$data = Loader::action($dispatch['controller'], array_merge($vars, $dispatch['var']), $config['url_controller_layer'], $config['controller_suffix'], true);
break;
case 'method':
// 执行回调方法
@@ -217,9 +217,10 @@ class App
* @access public
* @param string|array $method 方法
* @param array $vars 变量
* @param bool $filter 是否全局过滤
* @return mixed
*/
public static function invokeMethod($method, $vars = [])
public static function invokeMethod($method, $vars = [], $filter = true)
{
if (is_array($method)) {
$class = is_object($method[0]) ? $method[0] : self::invokeClass($method[0]);
@@ -228,7 +229,7 @@ class App
// 静态方法
$reflect = new \ReflectionMethod($method);
}
$args = self::bindParams($reflect, $vars);
$args = self::bindParams($reflect, $vars, $filter);
self::$debug && Log::record('[ RUN ] ' . $reflect->class . '->' . $reflect->name . '[ ' . $reflect->getFileName() . ' ]', 'info');
return $reflect->invokeArgs(isset($class) ? $class : null, $args);
@@ -239,14 +240,15 @@ class App
* @access public
* @param string $class 类名
* @param array $vars 变量
* @param bool $filter 是否全局过滤
* @return mixed
*/
public static function invokeClass($class, $vars = [])
public static function invokeClass($class, $vars = [], $filter = true)
{
$reflect = new \ReflectionClass($class);
$constructor = $reflect->getConstructor();
if ($constructor) {
$args = self::bindParams($constructor, $vars);
$args = self::bindParams($constructor, $vars, $filter);
} else {
$args = [];
}
@@ -257,10 +259,11 @@ class App
* 绑定参数
* @access public
* @param \ReflectionMethod|\ReflectionFunction $reflect 反射类
* @param array $vars 变量
* @param array $vars 变量
* @param bool $filter 是否全局过滤
* @return array
*/
private static function bindParams($reflect, $vars = [])
private static function bindParams($reflect, $vars = [], $filter = true)
{
if (empty($vars)) {
// 自动获取请求变量
@@ -305,7 +308,9 @@ class App
}
}
// 全局过滤
array_walk_recursive($args, [Request::instance(), 'filterExp']);
if ($filter) {
array_walk_recursive($args, [Request::instance(), 'filterExp']);
}
}
return $args;
}

View File

@@ -481,9 +481,10 @@ class Loader
* @param string|array $vars 调用参数 支持字符串和数组
* @param string $layer 要调用的控制层名称
* @param bool $appendSuffix 是否添加类名后缀
* @param bool $filter 是否全局过滤
* @return mixed
*/
public static function action($url, $vars = [], $layer = 'controller', $appendSuffix = false)
public static function action($url, $vars = [], $layer = 'controller', $appendSuffix = false, $filter = false)
{
$info = pathinfo($url);
$action = $info['basename'];
@@ -497,7 +498,7 @@ class Loader
$vars = [$vars];
}
}
return App::invokeMethod([$class, $action . Config::get('action_suffix')], $vars);
return App::invokeMethod([$class, $action . Config::get('action_suffix')], $vars, $filter);
}
}