mirror of
https://github.com/danog/Valinor.git
synced 2025-01-10 14:48:20 +01:00
6ce1a439ad
/!\ This change fixes a security issue.
Userland exception thrown in a constructor will not be automatically
caught by the mapper anymore. This prevents messages with sensible
information from reaching the final user — for instance an SQL exception
showing a part of a query.
To allow exceptions to be considered as safe, the new method
`MapperBuilder::filterExceptions()` must be used, with caution.
```php
final class SomeClass
{
public function __construct(private string $value)
{
\Webmozart\Assert\Assert::startsWith($value, 'foo_');
}
}
try {
(new \CuyZ\Valinor\MapperBuilder())
->filterExceptions(function (Throwable $exception) {
if ($exception instanceof \Webmozart\Assert\InvalidArgumentException) {
return \CuyZ\Valinor\Mapper\Tree\Message\ThrowableMessage::from($exception);
}
// If the exception should not be caught by this library, it
// must be thrown again.
throw $exception;
})
->mapper()
->map(SomeClass::class, 'bar_baz');
} catch (\CuyZ\Valinor\Mapper\MappingError $exception) {
// Should print something similar to:
// > Expected a value to start with "foo_". Got: "bar_baz"
echo $exception->node()->messages()[0];
}
```
23 lines
504 B
PHP
23 lines
504 B
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace CuyZ\Valinor\Tests\Fake\Mapper\Tree\Message;
|
|
|
|
use CuyZ\Valinor\Mapper\Tree\Message\Message;
|
|
use CuyZ\Valinor\Mapper\Tree\Message\NodeMessage;
|
|
use CuyZ\Valinor\Tests\Fake\Mapper\FakeShell;
|
|
|
|
final class FakeNodeMessage
|
|
{
|
|
public static function any(): NodeMessage
|
|
{
|
|
return self::with(new FakeMessage());
|
|
}
|
|
|
|
public static function with(Message $message): NodeMessage
|
|
{
|
|
return new NodeMessage(FakeShell::any(), $message);
|
|
}
|
|
}
|