From d4bd6b2fb3e51b03d6e7632e3de66f5e8b0b7530 Mon Sep 17 00:00:00 2001
From: Bernd Bestel <bernd@berrnd.de>
Date: Fri, 15 Apr 2022 15:40:55 +0200
Subject: [PATCH] Fixed `/stock/products/{productId}/add` request body
 parameter validation (fixes #1860)

---
 changelog/68_UNRELEASED_xxxx-xx-xx.md | 55 +++++++++++++++++++++++++++
 controllers/StockApiController.php    |  4 +-
 2 files changed, 57 insertions(+), 2 deletions(-)
 create mode 100644 changelog/68_UNRELEASED_xxxx-xx-xx.md

diff --git a/changelog/68_UNRELEASED_xxxx-xx-xx.md b/changelog/68_UNRELEASED_xxxx-xx-xx.md
new file mode 100644
index 00000000..ccb3a9aa
--- /dev/null
+++ b/changelog/68_UNRELEASED_xxxx-xx-xx.md
@@ -0,0 +1,55 @@
+> ⚠️ xxxBREAKING CHANGESxxx
+
+> ❗ xxxImportant upgrade informationXXX
+
+### New feature: xxxx
+
+- xxx
+
+### Stock
+
+- xxx
+
+### Shopping list
+
+- xxx
+
+### Recipes
+
+- xxx
+
+### Meal plan
+
+- xxx
+
+### Chores
+
+- xxx
+
+### Calendar
+
+- xxx
+
+### Tasks
+
+- xxx
+
+### Batteries
+
+- xxx
+
+### Equipment
+
+- xxx
+
+### Userfields
+
+- xxx
+
+### General
+
+- xxx
+
+### API
+
+- Endpoint `/stock/products/{productId}/add`: Fixed that the request body parameter `transaction_type` was ignored / always set to `purchase`
diff --git a/controllers/StockApiController.php b/controllers/StockApiController.php
index e34d69e0..b04640c3 100644
--- a/controllers/StockApiController.php
+++ b/controllers/StockApiController.php
@@ -130,9 +130,9 @@ class StockApiController extends BaseApiController
 			}
 
 			$transactionType = StockService::TRANSACTION_TYPE_PURCHASE;
-			if (array_key_exists('transaction_type', $requestBody) && !empty($requestBody['transactiontype']))
+			if (array_key_exists('transaction_type', $requestBody) && !empty($requestBody['transaction_type']))
 			{
-				$transactionType = $requestBody['transactiontype'];
+				$transactionType = $requestBody['transaction_type'];
 			}
 
 			$stockLabelType = 0;