From dbecf848f47a38f82b8bcb5a6b5b874ee90f10c5 Mon Sep 17 00:00:00 2001
From: Qiang Xue <qiang.xue@gmail.com>
Date: Fri, 8 Nov 2013 23:21:41 -0500
Subject: [PATCH] Fixes #1156: action parameter binding now checks for array
 type.

---
 framework/yii/web/Controller.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/framework/yii/web/Controller.php b/framework/yii/web/Controller.php
index 3319f3b..2ecd9e4 100644
--- a/framework/yii/web/Controller.php
+++ b/framework/yii/web/Controller.php
@@ -41,7 +41,7 @@ class Controller extends \yii\base\Controller
 	 * @param \yii\base\Action $action the action to be bound with parameters
 	 * @param array $params the parameters to be bound to the action
 	 * @return array the valid parameters that the action can run with.
-	 * @throws HttpException if there are missing parameters.
+	 * @throws HttpException if there are missing or invalid parameters.
 	 */
 	public function bindActionParams($action, $params)
 	{
@@ -57,7 +57,15 @@ class Controller extends \yii\base\Controller
 		foreach ($method->getParameters() as $param) {
 			$name = $param->getName();
 			if (array_key_exists($name, $params)) {
-				$args[] = $actionParams[$name] = $params[$name];
+				if ($param->isArray()) {
+					$args[] = $actionParams[$name] = is_array($params[$name]) ? $params[$name] : [$params[$name]];
+				} elseif (!is_array($params[$name])) {
+					$args[] = $actionParams[$name] = $params[$name];
+				} else {
+					throw new HttpException(400, Yii::t('yii', 'Invalid data received for parameter "{param}".', [
+						'param' => $name,
+					]));
+				}
 				unset($params[$name]);
 			} elseif ($param->isDefaultValueAvailable()) {
 				$args[] = $actionParams[$name] = $param->getDefaultValue();