Closed
I'm using Phalcon with MongoDB and I'm thinking about a possible improvement to getQuery/getPost, which allow arrays to be received, like:
http://localhost?variable[]=value (also occurs with Post)
There's a vulnerability, when using MongoDB, by parsing arrays in parameters. It's a good idea to add this check to the Phalcon core.
About Request Injection Attacks:
http://php.net/manual/en/mongo.security.php
```php
public function getParameter($parameter, $type = 'string', $default = '')
{
    // Phalcon's filter is applied, but an array survives it as an array.
    $getParameter = $this->request->getQuery($parameter, $type, $default);

    // A parameter that is expected to be a scalar must never be an array;
    // reject the request with 400 instead of passing it on to MongoDB.
    if (is_array($getParameter)) {
        throw new Exception("Parameter '$parameter' cannot be an array.", 400);
    }

    return $getParameter;
}
```
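As an added, stand-alone example (not code from the issue or from Phalcon) the script below shows why the check matters: PHP's own query-string parsing turns `variable[]=value` into an array, an unchecked accessor lets that array flow into the MongoDB filter document, and a scalar-only accessor modelled on the one proposed above rejects it with a 400. The function names, the `buildUserFilter()` helper and the query strings are constructed for the demonstration; no MongoDB connection is needed because the filter is only built and printed.

```php
<?php
// Added example, not from the original issue or Phalcon. Demonstrates how
// `variable[]=value` reaches a MongoDB filter as an array and how a
// scalar-only accessor stops it. All inputs below are constructed.

declare(strict_types=1);

/**
 * Simulates what PHP does with a raw query string: parse_str() turns
 * `username[]=alice` into ['username' => ['alice']], i.e. an array.
 */
function parseQueryString(string $rawQuery): array
{
    parse_str($rawQuery, $params);
    return $params;
}

/**
 * Unsafe accessor: whatever PHP parsed is returned as-is, arrays included.
 */
function getParameterUnsafe(array $source, string $name, string $default = '')
{
    return $source[$name] ?? $default;
}

/**
 * Hardened accessor in the spirit of the issue: a parameter that must be a
 * scalar is rejected with HTTP 400 if the client sent an array. The value is
 * also cast to string so a later filter receives a literal, not a nested
 * document whose keys MongoDB would read as query operators.
 */
function getParameterScalar(array $source, string $name, string $default = ''): string
{
    $value = $source[$name] ?? $default;
    if (is_array($value)) {
        throw new InvalidArgumentException("Parameter '$name' cannot be an array.", 400);
    }
    return (string) $value;
}

/**
 * Hypothetical helper: builds the filter document an application would pass
 * to find(). With a scalar it means "username equals X"; with an array the
 * nested structure changes the meaning of the query.
 */
function buildUserFilter($username): array
{
    return ['username' => $username];
}

// Constructed inputs: a normal request and one using PHP's array syntax.
$requests = [
    'username=alice',
    'username[]=alice',
];

foreach ($requests as $raw) {
    $get = parseQueryString($raw); // stand-in for $_GET
    echo "Query string: $raw\n";

    // Unsafe path: the parsed value flows straight into the filter document.
    $filter = buildUserFilter(getParameterUnsafe($get, 'username'));
    echo "  unsafe filter: " . json_encode($filter) . "\n";

    // Hardened path: arrays are rejected before any query is built.
    try {
        $filter = buildUserFilter(getParameterScalar($get, 'username'));
        echo "  safe filter:   " . json_encode($filter) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "  rejected (HTTP {$e->getCode()}): {$e->getMessage()}\n";
    }
}
```

Run it with `php` on the command line; the second request prints an `unsafe filter` whose `username` value is a JSON array, while the hardened path reports the rejection instead of producing a filter. The same `is_array()` check belongs at whatever layer turns request input into a MongoDB query document, which is why the issue proposes putting it into the request object itself rather than in each controller.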