From 71e2d7fc67be864352cd437de33f0e9a592fb7cb Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn <spl1nes.com@googlemail.com>
Date: Fri, 7 Feb 2020 22:34:43 +0100
Subject: [PATCH] fixes #192

---
 Router/SocketRouter.php | 13 ++++++++++++-
 Router/WebRouter.php    | 13 ++++++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/Router/SocketRouter.php b/Router/SocketRouter.php
index a27fb2aa9..a43f4ef7f 100644
--- a/Router/SocketRouter.php
+++ b/Router/SocketRouter.php
@@ -95,6 +95,7 @@ final class SocketRouter implements RouterInterface
      * @param string $app     Application name
      * @param int    $orgId   Organization id
      * @param mixed  $account Account
+     * @param array  $data    Data
      *
      * @return array[]
      *
@@ -104,7 +105,8 @@ final class SocketRouter implements RouterInterface
         string $uri,
         string $app = null,
         int $orgId = null,
-        $account = null
+        $account = null,
+        array $data = null
     ) : array
     {
         $bound = [];
@@ -125,6 +127,15 @@ final class SocketRouter implements RouterInterface
                     return $app !== null ? $this->route('/' . \strtolower($app) . '/e403') : $this->route('/e403');
                 }
 
+                // if data check is invalid
+                if (isset($d['data'])) {
+                    foreach ($d['data'] as $name => $pattern) {
+                        if (!isset($data[$name]) || \preg_match($pattern, $data[$name]) !== 1) {
+                            return $app !== null ? $this->route('/' . \strtolower($app) . '/e403') : $this->route('/e403');
+                        }
+                    }
+                }
+
                 $bound[] = ['dest' => $d['dest']];
             }
         }
diff --git a/Router/WebRouter.php b/Router/WebRouter.php
index b9569217a..0d910ca7c 100644
--- a/Router/WebRouter.php
+++ b/Router/WebRouter.php
@@ -123,6 +123,7 @@ final class WebRouter implements RouterInterface
      * @param string $app     Application name
      * @param int    $orgId   Organization id
      * @param mixed  $account Account
+     * @param array  $data    Data
      *
      * @return array[]
      *
@@ -134,7 +135,8 @@ final class WebRouter implements RouterInterface
         int $verb = RouteVerb::GET,
         string $app = null,
         int $orgId = null,
-        $account = null
+        $account = null,
+        array $data = null
     ) : array
     {
         $bound = [];
@@ -164,6 +166,15 @@ final class WebRouter implements RouterInterface
                         return $app !== null ? $this->route('/' . \strtolower($app) . '/e403', $csrf, $verb) : $this->route('/e403', $csrf, $verb);
                     }
 
+                    // if data check is invalid
+                    if (isset($d['data'])) {
+                        foreach ($d['data'] as $name => $pattern) {
+                            if (!isset($data[$name]) || \preg_match($pattern, $data[$name]) !== 1) {
+                                return $app !== null ? $this->route('/' . \strtolower($app) . '/e403', $csrf, $verb) : $this->route('/e403', $csrf, $verb);
+                            }
+                        }
+                    }
+
                     $bound[] = ['dest' => $d['dest']];
                 }
             }