kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-10-10 16:00:56 +00:00
Code Issues Projects Releases Wiki Activity

Only accept application/json requests for (JSON) API requests

Browse Source
This commit is contained in:
Bernd Bestel
2023-09-01 00:53:25 +02:00
parent 8c21969b84
commit 5080d776a7
3 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
controllers/BaseController.php
View File

@@ -19,6 +19,7 @@ use Grocy\Services\TasksService;
use Grocy\Services\UserfieldsService;
use Grocy\Services\UsersService;
use DI\Container;
use Slim\Exception\HttpException;
class BaseController
{
@@ -213,6 +214,11 @@ class BaseController
protected function GetParsedAndFilteredRequestBody($request)
{
if ($request->getHeaderLine('Content-Type') != 'application/json')
{
throw new HttpException($request, 'Bad Content-Type', 400);
}
if (self::$htmlPurifierInstance == null)
{
$htmlPurifierConfig = \HTMLPurifier_Config::createDefault();

2
controllers/LoginController.php
View File

@@ -22,7 +22,7 @@ class LoginController extends BaseController
public function ProcessLogin(Request $request, Response $response, array $args)
{
$authMiddlewareClass = GROCY_AUTH_CLASS;
if ($authMiddlewareClass::ProcessLogin($this->GetParsedAndFilteredRequestBody($request)))
if ($authMiddlewareClass::ProcessLogin($request->getParsedBody()))
{
return $response->withRedirect($this->AppContainer->get('UrlManager')->ConstructUrl('/'));
}