kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-10-16 09:22:33 +00:00
Code Issues Projects Releases Wiki Activity

Fix #9876

Browse Source
This commit is contained in:
James Cole
2025-03-09 10:35:12 +01:00
parent b60021e0ce
commit a8e1c22c93
2 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/Http/Middleware/AcceptHeaders.php
View File

@@ -50,13 +50,19 @@ class AcceptHeaders
throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept'))); throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept')));
} }
// if bad 'Content-Type' header, refuse service. // if bad 'Content-Type' header, refuse service.
if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type')) {
// some routes are exempt from this.
$exempt = [
'api.v1.data.bulk.transactions'
];
if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type') && !in_array($request->route()->getName(), $exempt, true)) {
$error = new BadHttpHeaderException('Content-Type header cannot be empty.'); $error = new BadHttpHeaderException('Content-Type header cannot be empty.');
$error->statusCode = 415; $error->statusCode = 415;
throw $error; throw $error;
} }
if (('POST' === $method || 'PUT' === $method) && !$this->acceptsHeader($submitted, $contentTypes)) { if (('POST' === $method || 'PUT' === $method) && !$this->acceptsHeader($submitted, $contentTypes) && !in_array($request->route()->getName(), $exempt, true)) {
$error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted)); $error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted));
$error->statusCode = 415; $error->statusCode = 415;

9
app/Validation/Api/Data/Bulk/ValidatesBulkTransactionQuery.php
View File

@@ -33,10 +33,13 @@ trait ValidatesBulkTransactionQuery
{ {
$data = $validator->getData(); $data = $validator->getData();
// assumption is all validation has already taken place and the query key exists. // assumption is all validation has already taken place and the query key exists.
$json = json_decode($data['query'], true, 8, JSON_THROW_ON_ERROR); $query =$data['query'] ?? '[]';
$json = json_decode($query, true, 8, JSON_THROW_ON_ERROR);
if (array_key_exists('account_id', $json['where']) if (
&& array_key_exists('account_id', $json['update']) array_key_exists('where', $json) &&
array_key_exists('update', $json) &&
array_key_exists('account_id', $json['where']) && array_key_exists('account_id', $json['update'])
) { ) {
// find both accounts, must be same type. // find both accounts, must be same type.
// already validated: belongs to this user. // already validated: belongs to this user.