are0h
/
Fipamo
1
2
Fork 0
Code Issues 19 Pull Requests 1 Packages Projects 1 Releases 22 Wiki Activity

added field check for page edits to make sure unnecessary fields are not being added

Browse Source
pull/84/head
Ro 3 years ago
parent ccbf55bb54
commit 934d29f4cf
2 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File

36
brain/api/v1/PagesAPI.inc.php
Unescape Escape View File

@ -105,6 +105,7 @@ class PagesAPI
case "create":
case "write":
$body = $request->getParsedBody();
$passed = true;
if (!isset($body["form_token"])) {
$result = [
"message" => "No form token. Not good, sport.",
@ -113,7 +114,40 @@ class PagesAPI
} else {
if ($body["form_token"] == Session::get("form_token")) {
//TODO: Verify form fields
$result = (new Book("../content/pages"))->editPage($task, $request);
$keys = [
"id",
"uuid",
"layout",
"current_title",
"content",
"title",
"created",
"slug",
"tags",
"menu",
"featured",
"published",
"form_token",
"feature_image",
];
foreach ($body as $key => $item) {
if (!in_array($key, $keys)) {
//found unnecessary key, so reject submission
$passed = false;
}
}
if ($passed) {
$result = (new Book("../content/pages"))->editPage(
$task,
$request
);
} else {
$result = [
"message" => "Form token, auth failed. Uh oh.",
"type" => "TASK_FORM_AUTH",
];
}
} else {
$result = [
"message" => "Form token, auth failed. Uh oh.",

4
brain/data/Book.inc.php
Unescape Escape View File

@ -148,7 +148,9 @@ class Book
"id" => $uuid,
];
//**just testing to see why indexing isn't working **
//TODO: When form submission is successful, make new form token
$form_token = md5(uniqid(microtime(), true));
Session::set("form_token", $form_token);
//once saved, update menu
$body["path"] = $path;

Write Preview
Loading…
Cancel
Save