@@ -1346,22 +1346,37 @@ public function setMethod($method)
13461346 */
13471347 public function getMethod ()
13481348 {
1349- if (null === $ this method ) {
1350- $ this method = strtoupper ($ this server ->get ('REQUEST_METHOD ' , 'GET ' ));
1351-
1352- if ('POST ' === $ this method ) {
1353- if ($ method$ this headers ->get ('X-HTTP-METHOD-OVERRIDE ' )) {
1354- $ this method = strtoupper ($ method
1355- } elseif (self ::$ httpMethodParameterOverride
1356- $ method$ this request ->get ('_method ' , $ this query ->get ('_method ' , 'POST ' ));
1357- if (\is_string ($ method
1358- $ this method = strtoupper ($ method
1359- }
1360- }
1361- }
1349+ if (null !== $ this method ) {
1350+ return $ this method ;
1351+ }
1352+
1353+ $ this method = strtoupper ($ this server ->get ('REQUEST_METHOD ' , 'GET ' ));
1354+
1355+ if ('POST ' !== $ this method ) {
1356+ return $ this method ;
1357+ }
1358+
1359+ $ method$ this headers ->get ('X-HTTP-METHOD-OVERRIDE ' );
1360+
1361+ if (!$ methodself ::$ httpMethodParameterOverride
1362+ $ method$ this request ->get ('_method ' , $ this query ->get ('_method ' , 'POST ' ));
1363+ }
1364+
1365+ if (!\is_string ($ method
1366+ return $ this method ;
1367+ }
1368+
1369+ $ methodstrtoupper ($ method
1370+
1371+ if (\in_array ($ method'GET ' , 'HEAD ' , 'POST ' , 'PUT ' , 'DELETE ' , 'CONNECT ' , 'OPTIONS ' , 'PATCH ' , 'PURGE ' , 'TRACE ' ], true )) {
1372+ return $ this method = $ method
1373+ }
1374+
1375+ if (!preg_match ('/^[A-Z]++$/D ' , $ method
1376+ throw new SuspiciousOperationException (sprintf ('Invalid method override "%s". ' , $ method
13621377 }
13631378
1364- return $ this method ;
1379+ return $ this method = $ method
13651380 }
13661381
13671382 /**
0 commit comments