hofff / contao-restrict-get-parameters
Restrict allowed get parameters
Installs: 153
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 1
Type:contao-bundle
Requires
- php: ^8.1
- contao/core-bundle: ^4.13 || ^5.3
- symfony/config: ^5.4 || ^6.4 || ^7.0
- symfony/dependency-injection: ^5.4 || ^6.4 || ^7.0
- symfony/http-foundation: ^5.4 || ^6.4 || ^7.0
- symfony/http-kernel: ^5.4 || ^6.4 || ^7.0
Requires (Dev)
- contao/manager-plugin: ^2.1
- doctrine/coding-standard: ^12.0
- phpcq/runner-bootstrap: ^1.0@dev
This package is auto-updated.
Last update: 2025-09-09 09:05:17 UTC
README
This Contao extension allows you to restrict GET parameters in the frontend by configuring a whitelist of allowed parameter patterns. Any GET parameters not matching the whitelist will be marked as unused and won't be processed by Contao.
System Requirements
PHP 8.1or higher- Contao
4.13+or5.3+ - Symfony
5.4+, 6.4+ or 7.0+
Configuration
In the Contao system settings, you can:
- Enable GET parameter restriction
- Configure a whitelist of allowed parameter patterns using wildcards (e.g., page*, *id, alias)
It's also possible to use the bundle configuration:
contao: localconfig: restrict_get_parameters: true restrict_get_parameters_whitelist: ['param-a', 'param-b']
Known limitations
Isotope product list
This extension uses the unused get parameter feature of Contao and marks all get parameters as unused before rendering a page. Used get parameters on the page are marked as used later on, so in the end Contao throws an exception if any parameter was not used. This does not work when a page contains an isotope product list / filter, as Isotope marks all get parameters as used.