Added route check

src/bundle/Controller/UserSettingsController.php

@@ -19,13 +19,20 @@
 use Ibexa\User\View\UserSettings\ListView;
 use Ibexa\User\View\UserSettings\UpdateView;
 use JMS\TranslationBundle\Annotation\Desc;
+use Psr\Log\LoggerAwareInterface;
+use Psr\Log\LoggerAwareTrait;
+use Psr\Log\LoggerInterface;
+use Psr\Log\NullLogger;
 use Symfony\Component\Form\Button;
-use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Routing\Exception\ExceptionInterface as RouteExceptionInterface;
+use Symfony\Component\Routing\RouterInterface;
 
-class UserSettingsController extends Controller
+class UserSettingsController extends Controller implements LoggerAwareInterface
 {
+    use LoggerAwareTrait;
+
     /** @var \Ibexa\User\Form\Factory\FormFactory */
     private $formFactory;
 
@@ -43,20 +50,26 @@ class UserSettingsController extends Controller
 
     private PermissionResolver $permissionResolver;
 
+    private RouterInterface $router;
+
     public function __construct(
         FormFactory $formFactory,
         SubmitHandler $submitHandler,
         UserSettingService $userSettingService,
         ValueDefinitionRegistry $valueDefinitionRegistry,
         ActionResultHandler $actionResultHandler,
-        PermissionResolver $permissionResolver
+        PermissionResolver $permissionResolver,
+        RouterInterface $router,
+        LoggerInterface $logger = null
     ) {
         $this->formFactory = $formFactory;
         $this->submitHandler = $submitHandler;
         $this->userSettingService = $userSettingService;
         $this->valueDefinitionRegistry = $valueDefinitionRegistry;
         $this->actionResultHandler = $actionResultHandler;
         $this->permissionResolver = $permissionResolver;
+        $this->router = $router;
+        $this->logger = $logger ?? new NullLogger();
     }
 
     /**
@@ -104,8 +117,12 @@ public function updateAction(Request $request, UpdateView $view)
                     'ibexa_user_settings'
                 );
 
-                $route = $request->query->get('route') ?? null;
-                $routeParameters = $request->query->get('routeParameters') ?? [];
+                $route = $request->query->get('route');
+                $routeParameters = $request->query->all('routeParameters');
+                if (!$this->routeExists($route, $routeParameters)) {
+                    $route = null;
+                    $routeParameters = [];
+                }
 
                 if ($form->getClickedButton() instanceof Button
                     && $form->getClickedButton()->getName() === UserSettingUpdateType::BTN_UPDATE_AND_EDIT
@@ -121,7 +138,7 @@ public function updateAction(Request $request, UpdateView $view)
                     return $this->redirectToRoute($route, $routeParameters);
                 }
 
-                return new RedirectResponse($this->generateUrl('ibexa.user_settings.list'));
+                return $this->redirectToRoute('ibexa.user_settings.list');
             });
 
             if ($result instanceof Response) {
@@ -136,6 +153,24 @@ public function updateAction(Request $request, UpdateView $view)
 
         return $view;
     }
+
+    private function routeExists($route, array $routeParameters): bool
+    {
+        try {
+            $this->router->generate($route, $routeParameters);
+
+            return true;
+        } catch (RouteExceptionInterface $e) {
+            $this->logger->warning(
+                sprintf('Invalid route in query. %s.', $e->getMessage()),
+                [
+                    'exception' => $e,
+                ],
+            );
+        }
+
+        return false;
+    }
 }
 
 class_alias(UserSettingsController::class, 'EzSystems\EzPlatformUserBundle\Controller\UserSettingsController');