Add method checkValForAPI to clean data from API input
This commit is contained in:
Laurent Destailleur
parent
29b1f2b58a
commit
f54d14bfd6
@ -73,22 +73,24 @@ class DolibarrApi
|
||||
}
|
||||
|
||||
/**
|
||||
* Executed method when API is called without parameter
|
||||
* Check and convert a string depending on its type/name.
|
||||
*
|
||||
* Display a short message an return a http code 200
|
||||
*
|
||||
* @return array
|
||||
* @param string $field Field name
|
||||
* @param string $value Value to check/clean
|
||||
* @param stdClass $object Object
|
||||
* @return string Value cleaned
|
||||
*/
|
||||
/* Disabled, most APIs does not share same signature for method index
|
||||
function index()
|
||||
protected function checkValForAPI($field, $value, $object)
|
||||
{
|
||||
return array(
|
||||
'success' => array(
|
||||
'code' => 200,
|
||||
'message' => __class__.' is up and running!'
|
||||
)
|
||||
);
|
||||
}*/
|
||||
// TODO Use type detected in $object->fields
|
||||
if (in_array($field, array('note', 'note_private', 'note_public', 'desc', 'description'))) {
|
||||
return checkVal($value, 'restricthtml');
|
||||
} else {
|
||||
return checkVal($value, 'alphanohtml');
|
||||
}
|
||||
}
|
||||
|
||||
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.PublicUnderscore
|
||||
/**
|
||||
|
||||
@ -217,7 +217,7 @@ class AgendaEvents extends DolibarrApi
|
||||
$result = $this->_validate($request_data);
|
||||
|
||||
foreach ($request_data as $field => $value) {
|
||||
$this->actioncomm->$field = $value;
|
||||
$this->actioncomm->$field = $this->checkValForAPI($field, $value, $this->actioncomm);
|
||||
}
|
||||
/*if (isset($request_data["lines"])) {
|
||||
$lines = array();
|
||||
@ -226,6 +226,7 @@ class AgendaEvents extends DolibarrApi
|
||||
}
|
||||
$this->expensereport->lines = $lines;
|
||||
}*/
|
||||
|
||||
if ($this->actioncomm->create(DolibarrApiAccess::$user) < 0) {
|
||||
throw new RestException(500, "Error creating event", array_merge(array($this->actioncomm->error), $this->actioncomm->errors));
|
||||
}
|
||||
@ -268,7 +269,8 @@ class AgendaEvents extends DolibarrApi
|
||||
if ($field == 'id') {
|
||||
continue;
|
||||
}
|
||||
$this->actioncomm->$field = $value;
|
||||
|
||||
$this->actioncomm->$field = $this->checkValForAPI($field, $value, $this->actioncomm);
|
||||
}
|
||||
|
||||
if ($this->actioncomm->update(DolibarrApiAccess::$user, 1) > 0) {
|
||||
@ -299,7 +301,7 @@ class AgendaEvents extends DolibarrApi
|
||||
}
|
||||
|
||||
if (!DolibarrApiAccess::$user->rights->agenda->allactions->delete && DolibarrApiAccess::$user->id != $this->actioncomm->userownerid) {
|
||||
throw new RestException(401, "Insufficient rights to delete an Agenda Event of owner id ".$request_data['userownerid'].' Your id is '.DolibarrApiAccess::$user->id);
|
||||
throw new RestException(401, "Insufficient rights to delete an Agenda Event of owner id ".$this->actioncomm->userownerid.' Your id is '.DolibarrApiAccess::$user->id);
|
||||
}
|
||||
|
||||
if (!$result) {
|
||||
|
||||
@ -29,7 +29,6 @@ require_once DOL_DOCUMENT_ROOT.'/compta/bank/class/account.class.php';
|
||||
*/
|
||||
class BankAccounts extends DolibarrApi
|
||||
{
|
||||
|
||||
/**
|
||||
* array $FIELDS Mandatory fields, checked when creating an object
|
||||
*/
|
||||
@ -158,7 +157,7 @@ class BankAccounts extends DolibarrApi
|
||||
|
||||
$account = new Account($this->db);
|
||||
foreach ($request_data as $field => $value) {
|
||||
$account->$field = $value;
|
||||
$account->$field = $this->checkValForAPI($field, $value, $account);
|
||||
}
|
||||
// Date of the initial balance (required to create an account).
|
||||
$account->date_solde = time();
|
||||
@ -333,7 +332,7 @@ class BankAccounts extends DolibarrApi
|
||||
if ($field == 'id') {
|
||||
continue;
|
||||
}
|
||||
$account->$field = $value;
|
||||
$account->$field = $this->checkValForAPI($field, $value, $account);
|
||||
}
|
||||
|
||||
if ($account->update(DolibarrApiAccess::$user) > 0) {
|
||||
|
||||
@ -213,7 +213,7 @@ class MyModuleApi extends DolibarrApi
|
||||
$result = $this->_validate($request_data);
|
||||
|
||||
foreach ($request_data as $field => $value) {
|
||||
$this->myobject->$field = $value;
|
||||
$this->myobject->$field = $this->checkValForAPI($field, $value, $this->myobject);
|
||||
}
|
||||
|
||||
// Clean data
|
||||
@ -255,7 +255,7 @@ class MyModuleApi extends DolibarrApi
|
||||
if ($field == 'id') {
|
||||
continue;
|
||||
}
|
||||
$this->myobject->$field = $value;
|
||||
$this->myobject->$field = $this->checkValForAPI($field, $value, $this->myobject);
|
||||
}
|
||||
|
||||
// Clean data
|
||||
|
||||
Loading…
Reference in New Issue
Block a user