forked from projects/fipamo
added field check for page edits to make sure unnecessary fields are not being added
This commit is contained in:
Ro
parent
ccbf55bb54
commit
934d29f4cf
2 changed files with 38 additions and 2 deletions
|
|
@ -105,6 +105,7 @@ class PagesAPI
|
||||||
case "create":
|
case "create":
|
||||||
case "write":
|
case "write":
|
||||||
$body = $request->getParsedBody();
|
$body = $request->getParsedBody();
|
||||||
|
$passed = true;
|
||||||
if (!isset($body["form_token"])) {
|
if (!isset($body["form_token"])) {
|
||||||
$result = [
|
$result = [
|
||||||
"message" => "No form token. Not good, sport.",
|
"message" => "No form token. Not good, sport.",
|
||||||
|
|
@ -113,7 +114,40 @@ class PagesAPI
|
||||||
} else {
|
} else {
|
||||||
if ($body["form_token"] == Session::get("form_token")) {
|
if ($body["form_token"] == Session::get("form_token")) {
|
||||||
//TODO: Verify form fields
|
//TODO: Verify form fields
|
||||||
$result = (new Book("../content/pages"))->editPage($task, $request);
|
$keys = [
|
||||||
|
"id",
|
||||||
|
"uuid",
|
||||||
|
"layout",
|
||||||
|
"current_title",
|
||||||
|
"content",
|
||||||
|
"title",
|
||||||
|
"created",
|
||||||
|
"slug",
|
||||||
|
"tags",
|
||||||
|
"menu",
|
||||||
|
"featured",
|
||||||
|
"published",
|
||||||
|
"form_token",
|
||||||
|
"feature_image",
|
||||||
|
];
|
||||||
|
|
||||||
|
foreach ($body as $key => $item) {
|
||||||
|
if (!in_array($key, $keys)) {
|
||||||
|
//found unnecessary key, so reject submission
|
||||||
|
$passed = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($passed) {
|
||||||
|
$result = (new Book("../content/pages"))->editPage(
|
||||||
|
$task,
|
||||||
|
$request
|
||||||
|
);
|
||||||
|
} else {
|
||||||
|
$result = [
|
||||||
|
"message" => "Form token, auth failed. Uh oh.",
|
||||||
|
"type" => "TASK_FORM_AUTH",
|
||||||
|
];
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
$result = [
|
$result = [
|
||||||
"message" => "Form token, auth failed. Uh oh.",
|
"message" => "Form token, auth failed. Uh oh.",
|
||||||
|
|
|
||||||
|
|
@ -148,7 +148,9 @@ class Book
|
||||||
"id" => $uuid,
|
"id" => $uuid,
|
||||||
];
|
];
|
||||||
|
|
||||||
//**just testing to see why indexing isn't working **
|
//TODO: When form submission is successful, make new form token
|
||||||
|
$form_token = md5(uniqid(microtime(), true));
|
||||||
|
Session::set("form_token", $form_token);
|
||||||
|
|
||||||
//once saved, update menu
|
//once saved, update menu
|
||||||
$body["path"] = $path;
|
$body["path"] = $path;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue