Small security fix in the API

Pinga 2023-11-14 14:29:56 +02:00
parent f8306f7a68
commit d0947bae43


@ -104,7 +104,13 @@ $app->any('/api[/{params:.*}]', function (
return !in_array($tableName, $restrictedTables); return !in_array($tableName, $restrictedTables);
}, },
'authorization.columnHandler' => function ($operation, $tableName, $columnName) { 'authorization.columnHandler' => function ($operation, $tableName, $columnName) {
return !($tableName == 'registrar' && $columnName == 'pw'); if ($tableName == 'registrar' && $columnName == 'pw') {
return false;
}
if ($tableName == 'users' && $columnName == 'password') {
return false;
}
return true;
}, },
'sanitation.handler' => function ($operation, $tableName, $column, $value) { 'sanitation.handler' => function ($operation, $tableName, $column, $value) {
return is_string($value) ? strip_tags($value) : $value; return is_string($value) ? strip_tags($value) : $value;
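Review bot: The new `authorization.columnHandler` denies `registrar.pw` and `users.password` through two hard-coded `if` blocks with loose `==`, so every further secret column needs its own branch and is easy to miss. A single map checked with strict comparison keeps the deny list in one place: `$hidden = ['registrar' => ['pw'], 'users' => ['password']];` followed by `return !in_array($columnName, $hidden[$tableName] ?? [], true);`. Whether other tables hold credential-like columns (tokens, reset keys, 2FA secrets) cannot be seen from this hunk and is worth checking against the schema. The handler does not look at `$operation`, so the decision is the same for every operation, which is presumably intended; the enclosing route closure starts and ends outside the hunk.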