added field check for page edits to make sure unnecessary fields are not being added
This commit is contained in:
parent
ccbf55bb54
commit
934d29f4cf
2 changed files with 38 additions and 2 deletions
|
@ -105,6 +105,7 @@ class PagesAPI
|
|||
case "create":
|
||||
case "write":
|
||||
$body = $request->getParsedBody();
|
||||
$passed = true;
|
||||
if (!isset($body["form_token"])) {
|
||||
$result = [
|
||||
"message" => "No form token. Not good, sport.",
|
||||
|
@ -113,7 +114,40 @@ class PagesAPI
|
|||
} else {
|
||||
if ($body["form_token"] == Session::get("form_token")) {
|
||||
//TODO: Verify form fields
|
||||
$result = (new Book("../content/pages"))->editPage($task, $request);
|
||||
$keys = [
|
||||
"id",
|
||||
"uuid",
|
||||
"layout",
|
||||
"current_title",
|
||||
"content",
|
||||
"title",
|
||||
"created",
|
||||
"slug",
|
||||
"tags",
|
||||
"menu",
|
||||
"featured",
|
||||
"published",
|
||||
"form_token",
|
||||
"feature_image",
|
||||
];
|
||||
|
||||
foreach ($body as $key => $item) {
|
||||
if (!in_array($key, $keys)) {
|
||||
//found unnecessary key, so reject submission
|
||||
$passed = false;
|
||||
}
|
||||
}
|
||||
if ($passed) {
|
||||
$result = (new Book("../content/pages"))->editPage(
|
||||
$task,
|
||||
$request
|
||||
);
|
||||
} else {
|
||||
$result = [
|
||||
"message" => "Form token, auth failed. Uh oh.",
|
||||
"type" => "TASK_FORM_AUTH",
|
||||
];
|
||||
}
|
||||
} else {
|
||||
$result = [
|
||||
"message" => "Form token, auth failed. Uh oh.",
|
||||
|
|
|
@ -148,7 +148,9 @@ class Book
|
|||
"id" => $uuid,
|
||||
];
|
||||
|
||||
//**just testing to see why indexing isn't working **
|
||||
//TODO: When form submission is successful, make new form token
|
||||
$form_token = md5(uniqid(microtime(), true));
|
||||
Session::set("form_token", $form_token);
|
||||
|
||||
//once saved, update menu
|
||||
$body["path"] = $path;
|
||||
|
|
Loading…
Reference in a new issue