From cfe7d9339c63db19f48bfc299f18b14094ed7177 Mon Sep 17 00:00:00 2001
From: flifloo <flifloo@gmail.com>
Date: Sun, 17 Jan 2021 16:22:46 +0100
Subject: [PATCH] Secure pagination

---
 src/Controller/PostController.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Controller/PostController.php b/src/Controller/PostController.php
index ea18891..fe37aba 100644
--- a/src/Controller/PostController.php
+++ b/src/Controller/PostController.php
@@ -23,9 +23,15 @@ class PostController extends AbstractController
     public function index(int $page = 0): Response
     {
         $repo = $this->getDoctrine()->getRepository(Post::class);
+        $pages = (int) round(count($repo->getPublished())/5, 0, PHP_ROUND_HALF_UP);
+        if ($page < 0) {
+            $page = 0;
+        } else if ($page > $pages) {
+            $page = $pages;
+        }
         return $this->render('home/index.html.twig', [
             'posts' => $repo->getPublished($page*5, 5),
-            'pages' => round(count($repo->getPublished())/5, 0, PHP_ROUND_HALF_UP)-1,
+            'pages' => $pages-1,
             'page' => $page
         ]);
     }