/** * @expectedException Imbo\Exception\InvalidArgumentException * @expectedExceptionMessage Invalid transformation * @expectedExceptionCode 400 * @covers Imbo\Http\Request\Request::getTransformations */ public function testDoesNotGenerateWarningWhenTransformationIsNotAString() { $query = ['t' => [['flipHorizontally', 'flipVertically']]]; $request = new Request($query); $request->getTransformations(); }
/** * Check if the request is whitelisted * * This method will whitelist a request only if all the transformations present in the request * are listed in the whitelist filter OR if the whitelist filter is empty, and the blacklist * filter has enties, but none of the transformations in the request are present in the * blacklist. * * @param Request $request The request instance * @return boolean */ private function isWhitelisted(Request $request) { $filter = $this->params['transformations']; if (empty($filter['whitelist']) && empty($filter['blacklist'])) { // No filter has been configured return false; } // Fetch transformations from the request $transformations = $request->getTransformations(); if (empty($transformations)) { // No transformations are present in the request, no need to check return false; } $whitelist = array_flip($filter['whitelist']); $blacklist = array_flip($filter['blacklist']); foreach ($transformations as $transformation) { if (isset($blacklist[$transformation['name']])) { // Transformation is explicitly blacklisted return false; } if (!empty($whitelist) && !isset($whitelist[$transformation['name']])) { // We have a whitelist, but the transformation is not listed in it, so we must deny // the request return false; } } // All transformations in the request are whitelisted return true; }