### Inject services in each controller As we already do some introspection to pass arguments to the action, we can also inject services:function showAction($id, $user, $doctrineManager, $pi = 3.14) { } The rules can be the following: * If the argument name matches a route variable, we use it ($id in the example) * If not, and if the argument name matches a service name, we use it ($user in the example) * If not, and if there is a default value, and if the argument is optional, we use the default value ($pi in the example) * If not, we throw an exceptionAbsolutely prefer this approach. It scales in a natural way and I love the possibility to type hint.function showAction($year, $month, $day, $slug, $user, $doctrineManager) { } * If a routing variable has the same name as a service name, the routing variable winsI think injected services should have precedence over request parameters because: * on name collision you can always access request parameters by using the request service function showAction($doctrineManager, Request $request) { $requestName = $request->getRequestParameter('request'); // maybe implement ArrayAccess? $requestName = $request['request']; } * request parameters aren't trusted and therefore should never overwrite trusted variables * passed arguments are only "shortcuts" to the "real" parameters handled by (injected) services * the developer should be able to use the request service instead of passed arguments without keeping name collision in mind
Very good points here. You are totally right. Fabien
My 2 cents. Chris
-- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en To unsubscribe from this group, send email to symfony-devs+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
