kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-16 10:44:37 +00:00
Code Issues Projects Releases Wiki Activity

Only accept application/json requests for (JSON) API requests

Browse Source
This commit is contained in:
Bernd Bestel
2023-09-01 00:53:25 +02:00
parent 8c21969b84
commit 5080d776a7
3 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/BaseController.php
View File

@@ -19,6 +19,7 @@ use Grocy\Services\TasksService;
use Grocy\Services\UserfieldsService;
use Grocy\Services\UsersService;
use DI\Container;
use Slim\Exception\HttpException;
class BaseController
{
@@ -213,6 +214,11 @@ class BaseController
protected function GetParsedAndFilteredRequestBody($request)
{
if ($request->getHeaderLine('Content-Type') != 'application/json')
{
throw new HttpException($request, 'Bad Content-Type', 400);
}
if (self::$htmlPurifierInstance == null)
{
$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();

2
controllers/LoginController.php
View File

@@ -22,7 +22,7 @@ class LoginController extends BaseController
public function ProcessLogin(Request $request, Response $response, array $args)
{
$authMiddlewareClass = GROCY_AUTH_CLASS;
if ($authMiddlewareClass::ProcessLogin($this->GetParsedAndFilteredRequestBody($request)))
if ($authMiddlewareClass::ProcessLogin($request->getParsedBody()))
{
return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
}

10
public/js/grocy.js
View File

@@ -70,7 +70,7 @@ Grocy.Api.Post = function(apiFunction, jsonData, success, error)
};
xhr.open('POST', url, true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify(jsonData));
};
@@ -108,7 +108,7 @@ Grocy.Api.Put = function(apiFunction, jsonData, success, error)
};
xhr.open('PUT', url, true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify(jsonData));
};
@@ -146,7 +146,7 @@ Grocy.Api.Delete = function(apiFunction, jsonData, success, error)
};
xhr.open('DELETE', url, true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify(jsonData));
};
@@ -184,7 +184,7 @@ Grocy.Api.UploadFile = function(file, group, fileName, success, error)
};
xhr.open('PUT', url, true);
xhr.setRequestHeader('Content-type', 'application/octet-stream');
xhr.setRequestHeader('Content-Type', 'application/octet-stream');
xhr.send(file);
};
@@ -222,7 +222,7 @@ Grocy.Api.DeleteFile = function(fileName, group, success, error)
};
xhr.open('DELETE', url, true);
xhr.setRequestHeader('Content-type', 'application/json');
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send();
};