Sanitize user input on all API routes (references #996)

2025-08-16 10:44:37 +00:00 · 2020-10-14 22:49:29 +02:00
parent 7b8438bfa2
commit c11001467b
12 changed files with 98 additions and 28 deletions
--- a/controllers/RecipesApiController.php
+++ b/controllers/RecipesApiController.php
@@ -10,7 +10,7 @@ class RecipesApiController extends BaseApiController
 	{
 		User::checkPermission($request, User::PERMISSION_SHOPPINGLIST_ITEMS_ADD);

-		$requestBody = $request->getParsedBody();
+		$requestBody = $this->GetParsedAndFilteredRequestBody($request);
 		$excludedProductIds = null;

 		if ($requestBody !== null && array_key_exists('excludedProductIds', $requestBody))