
NEW Api parameters are sanitized by the WAF, same code than GET/POST

Laurent Destailleur
2024-04-02 12:28:55 +02:00
parent 87348ceac3
commit 990216b13f
35 changed files with 177 additions and 140 deletions


@@ -188,11 +188,11 @@ class Receptions extends DolibarrApi
foreach ($request_data as $field => $value) {
if ($field === 'caller') {
// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
$this->reception->context['caller'] = $request_data['caller'];
$this->reception->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
continue;
}
$this->reception->$field = $value;
$this->reception->$field = $this->_checkValForAPI($field, $value, $this->reception);
}
if (isset($request_data["lines"])) {
$lines = array();
@@ -443,11 +443,11 @@ class Receptions extends DolibarrApi
}
if ($field === 'caller') {
// Add a mention of caller so on trigger called after action, we can filter to avoid a loop if we try to sync back again with the caller
$this->reception->context['caller'] = $request_data['caller'];
$this->reception->context['caller'] = sanitizeVal($request_data['caller'], 'aZ09');
continue;
}
$this->reception->$field = $value;
$this->reception->$field = $this->_checkValForAPI($field, $value, $this->reception);
}
if ($this->reception->update(DolibarrApiAccess::$user) > 0) {
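Review bot: The property name in `$this->reception->$field = $this->_checkValForAPI($field, $value, $this->reception);` is still taken directly from the request key, in both the hunk at line 188 and the hunk at line 443. The change therefore constrains the value that is written, but not which property of the reception object is written. Whether `_checkValForAPI` rejects unexpected field names is not visible in this diff; if it does not, a client can still set properties the API was never meant to expose. I would check the key against an explicit list of writable fields before the assignment, or, if the helper already does this, say so next to the call with a comment such as `// unknown or non-writable $field names are rejected inside _checkValForAPI()`. The enclosing methods start and end outside the hunks shown.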