From 95cb9ffb90a1287d3edb2a902c1ca6e936871cfb Mon Sep 17 00:00:00 2001
From: David Mott <lowlee@lowlee.info>
Date: Sun, 15 Aug 2021 18:45:05 +1000
Subject: [PATCH] fix: confirm grocycode is of PRODUCT type in
 GetProductIdFromBarcode (#1581)

* fix: confirm grocycode is of PRODUCT type in GetProductIdFromBarcode

* Fixed formatting

* Don't output the given input (for security reasons)

Co-authored-by: Bernd Bestel <bernd@berrnd.de>
---
 services/StockService.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/StockService.php b/services/StockService.php
index f73ac5bd..f39bdd00 100644
--- a/services/StockService.php
+++ b/services/StockService.php
@@ -697,6 +697,10 @@ class StockService extends BaseService
 		if (Grocycode::Validate($barcode))
 		{
 			$gc = new Grocycode($barcode);
+			if ($gc->GetType() != Grocycode::PRODUCT)
+			{
+				throw new \Exception('Invalid grocycode');
+			}
 			return intval($gc->GetId());
 		}