Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-06 09:02:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clean value

Browse Source
This commit is contained in:
Laurent Destailleur
2024-02-01 00:54:03 +01:00
parent 181670df6a
commit db133ce471
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/api/class/api_access.class.php
View File

@@ -111,6 +111,9 @@ class DolibarrApiAccess implements iAuthenticate
if (isset($_SERVER['HTTP_DOLAPIKEY'])) { // Param DOLAPIKEY in header can be read with HTTP_DOLAPIKEY
$api_key = $_SERVER['HTTP_DOLAPIKEY']; // With header method (recommended)
}
$api_key = dol_string_nounprintableascii($api_key);
if (preg_match('/^dolcrypt:/i', $api_key)) {
throw new RestException(503, 'Bad value for the API key. An API key should not start with dolcrypt:');
}