Commit 3091a407 authored by alexpott's avatar alexpott

Issue #2032919 by klausi: Fixed PATCH and POST should return 400 on NULL bodies.

parent 6b6c6f20
......@@ -71,7 +71,11 @@ public function get($id) {
*
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*/
public function post($id, EntityInterface $entity) {
public function post($id, EntityInterface $entity = NULL) {
if ($entity == NULL) {
throw new BadRequestHttpException(t('No entity content received.'));
}
if (!$entity->access('create')) {
throw new AccessDeniedHttpException();
}
......@@ -117,7 +121,11 @@ public function post($id, EntityInterface $entity) {
*
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*/
public function patch($id, EntityInterface $entity) {
public function patch($id, EntityInterface $entity = NULL) {
if ($entity == NULL) {
throw new BadRequestHttpException(t('No entity content received.'));
}
if (empty($id)) {
throw new NotFoundHttpException();
}
......
......@@ -88,6 +88,10 @@ public function testCreate() {
$this->httpRequest('entity/' . $entity_type, 'POST', 'kaboom!', $this->defaultMimeType);
$this->assertResponse(400);
// Try to send no data at all, which does not make sense on POST requests.
$this->httpRequest('entity/' . $entity_type, 'POST', NULL, $this->defaultMimeType);
$this->assertResponse(400);
// Try to create an entity without the CSRF token.
$this->curlExec(array(
CURLOPT_HTTPGET => FALSE,
......
......@@ -104,6 +104,10 @@ public function testPatchUpdate() {
$entity->field_test_text->value = $this->randomString();
$entity->save();
// Try to send no data at all, which does not make sense on PATCH requests.
$this->httpRequest('entity/' . $entity_type . '/' . $entity->id(), 'PATCH', NULL, $this->defaultMimeType);
$this->assertResponse(400);
// Try to update a non-existing entity with ID 9999.
$this->httpRequest('entity/' . $entity_type . '/9999', 'PATCH', $serialized, $this->defaultMimeType);
$this->assertResponse(404);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment