Redirige les requêtes invalides vers la vue d'erreur

src/Silex/Controller/VisitorController.php

@@ -9,6 +9,7 @@ use Silex\DI\DI;
 use Silex\Http\HttpResponse;
 use Silex\Model\Comment;
 use Silex\Util\Pagination;
+use Silex\Validation\CommentValidation;
 
 class VisitorController {
 
@@ -37,6 +38,9 @@ class VisitorController {
     {
         $newsId = intval($params['id']);
         $news = $di->getNewsGateway()->getById($newsId);
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
         if ($news->getSlug() !== $params['slug']) {
             HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
         }
@@ -44,12 +48,19 @@ class VisitorController {
         return new HttpResponse(200, 'newsView', ['news' => $news, 'comments' => $comments]);
     }
 
-    public function comment(DI $di, array $params): void
+    public function comment(DI $di, array $params): HttpResponse
     {
         $newsId = intval($params['id']);
         $news = $di->getNewsGateway()->getById($newsId);
-        $comment = new Comment(-1, $newsId, new DateTime(), $_POST['content']);
+        if ($news === null) {
+            return new HttpResponse(404, 'errors', ['errors' => ['Unknown news']]);
+        }
         $author = $di->getSecurity()->getCurrentUser();
+        $errors = [];
+        if (!CommentValidation::isValidComment($_POST, $author === null, $errors)) {
+            return new HttpResponse(400, 'errors', ['errors' => $errors]);
+        }
+        $comment = new Comment(-1, $newsId, new DateTime(), $_POST['content']);
         if ($author !== null) {
             $comment->setAuthor($author);
         } else {
@@ -58,5 +69,6 @@ class VisitorController {
         }
         $di->getCommentGateway()->insert($comment);
         HttpResponse::redirect($di->getRouter()->url($news->getSlugRedirect()));
+        exit();
     }
 }