kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-13 01:06:23 +00:00
Code Issues Projects Releases Wiki Activity

Sanitize user input on all API routes (references #996)

Browse Source
This commit is contained in:
Bernd Bestel
2020-10-14 22:49:29 +02:00
parent 7b8438bfa2
commit c11001467b
12 changed files with 98 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
controllers/GenericEntityApiController.php
View File

@@ -18,7 +18,7 @@ class GenericEntityApiController extends BaseApiController
User::checkPermission($request, User::PERMISSION_ADMIN);
}
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -78,7 +78,8 @@ class GenericEntityApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_ADMIN);
}
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -202,7 +203,7 @@ class GenericEntityApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_MASTER_DATA_EDIT);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{