Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-19 15:23:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX 17.0 API endpoints "PUT": prevent overwriting all extrafields if only some are supplied in the request cf. PR #29237

Browse Source 
+ security for Tickets API: disable updating rowid
This commit is contained in:
atm-florian
2025-01-16 10:37:29 +01:00
parent c2c3879032
commit ba4e97f07b
29 changed files with 177 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/user/class/api_users.class.php
View File

@@ -406,6 +406,12 @@ class Users extends DolibarrApi
throw new RestException(500, 'Error when updating status of user: '.$this->useraccount->error);
}
} else {
if ($field == 'array_options' && is_array($value)) {
foreach ($value as $index => $val) {
$this->useraccount->array_options[$index] = $this->_checkValForAPI($field, $val, $this->useraccount);
}
continue;
}
$this->useraccount->$field = $value;
}
}