kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-08-16 10:44:37 +00:00
Code Issues Projects Releases Wiki Activity

Sanitize user input on all API routes (references #996)

Browse Source
This commit is contained in:
Bernd Bestel
2020-10-14 22:49:29 +02:00
parent 7b8438bfa2
commit c11001467b
12 changed files with 98 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
controllers/StockApiController.php
View File

@@ -13,7 +13,7 @@ class StockApiController extends BaseApiController
try
{
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$listId = 1;
@@ -37,7 +37,7 @@ class StockApiController extends BaseApiController
try
{
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$listId = 1;
@@ -59,7 +59,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_PURCHASE);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -143,7 +143,7 @@ class StockApiController extends BaseApiController
try
{
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$listId = 1;
$amount = 1;
@@ -190,7 +190,7 @@ class StockApiController extends BaseApiController
try
{
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$listId = 1;
@@ -212,7 +212,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_CONSUME);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$result = null;
@@ -323,7 +323,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_EDIT);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -399,7 +399,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_INVENTORY);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -467,7 +467,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_OPEN);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{
@@ -582,7 +582,7 @@ class StockApiController extends BaseApiController
try
{
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
$listId = 1;
$amount = 1;
@@ -664,7 +664,7 @@ class StockApiController extends BaseApiController
{
User::checkPermission($request, User::PERMISSION_STOCK_TRANSFER);
$requestBody = $request->getParsedBody();
$requestBody = $this->GetParsedAndFilteredRequestBody($request);
try
{