lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a protection for bad syntax of api key

Browse Source
This commit is contained in:
Laurent Destailleur 2023-03-15 12:54:04 +01:00
parent dc80e6b029
commit 657d964899
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/api/class/api_access.class.php
View File

@ -106,6 +106,9 @@ class DolibarrApiAccess implements iAuthenticate
if (isset($_SERVER['HTTP_DOLAPIKEY'])) { // Param DOLAPIKEY in header can be read with HTTP_DOLAPIKEY
$api_key = $_SERVER['HTTP_DOLAPIKEY']; // With header method (recommanded)
}
if (preg_match('/^dolcrypt:/i', $api_key)) {
throw new RestException(503, 'Bad value for the API key. An API key should not start with dolcrypt:');
}
if ($api_key) {
$userentity = 0;