CakePHP Sandbox App v5

Query strings and type safety

Query strings are usually strings, but - as some might not be aware of - can also be quite easily an array. So not checking on the type and blindly using it in stringish operations can currently cause undesired results. 

$result = 'string' . $this->request->getQuery('key'); // Dangerous without checking if set and a string

So with the current implementation of how query strings (and named params) work, one should always assert the correct type first: 

$key = $this->request->getQuery('key');
if (is_array($key)) { // Or: if (!is_scalar($key))
    throw new NotFoundException('Invalid query string'); // Simple 404
}
$result = 'string' . $this->request->getQuery('key'); // Dangerous without checking if a stringish (=scalar) value

Demo/Example

Let's test:

A simple string A simple array

Send your feedback or bugreport!