Route: checking for unexpected < >

Author: dg

src/Application/Routers/Route.php

@@ -457,7 +457,7 @@ private function setMask($mask, array $metadata)
 			}
 		}
 
-		if (strpbrk($mask, '?<[]') === FALSE) {
+		if (strpbrk($mask, '?<>[]') === FALSE) {
 			$this->re = '#' . preg_quote($mask, '#') . '/?\z#A';
 			$this->sequence = [$mask];
 			$this->metadata = $metadata;
@@ -466,7 +466,7 @@ private function setMask($mask, array $metadata)
 
 		// PARSE MASK
 		// <parameter-name[=default] [pattern]> or [ or ] or ?...
-		$parts = Strings::split($mask, '/<([^>= ]+)(=[^> ]*)? *([^>]*)>|(\[!?|\]|\s*\?.*)/');
+		$parts = Strings::split($mask, '/<([^<>= ]+)(=[^<> ]*)? *([^<>]*)>|(\[!?|\]|\s*\?.*)/');
 
 		$this->xlat = [];
 		$i = count($parts) - 1;
@@ -509,8 +509,12 @@ private function setMask($mask, array $metadata)
 		$autoOptional = TRUE;
 		$aliases = [];
 		do {
-			array_unshift($sequence, $parts[$i]);
-			$re = preg_quote($parts[$i], '#') . $re;
+			$part = $parts[$i]; // part of path
+			if (strpbrk($part, '<>') !== FALSE) {
+				throw new Nette\InvalidArgumentException("Unexpected '$part' in mask '$mask'.");
+			}
+			array_unshift($sequence, $part);
+			$re = preg_quote($part, '#') . $re;
 			if ($i === 0) {
 				break;
 			}

tests/Routers/Route.errors.phpt

@@ -18,3 +18,11 @@ Assert::exception(function () {
 Assert::exception(function () {
 	$route = new Route('a]');
 }, Nette\InvalidArgumentException::class, "Missing '[' in mask 'a]'.");
+
+Assert::exception(function () {
+	$route = new Route('<presenter>/<action');
+}, Nette\InvalidArgumentException::class, "Unexpected '/<action' in mask '<presenter>/<action'.");
+
+Assert::exception(function () {
+	$route = new Route('<presenter>/action>');
+}, Nette\InvalidArgumentException::class, "Unexpected '/action>' in mask '<presenter>/action>'.");