
valuestore: disallow GET for action=update

Merged Hahn Axel (hahn) requested to merge 7470-disalow-get-for-valuestore-update into master
1 file
+ 7
3
@@ -87,6 +87,12 @@ function getParam(string $sKey, string $sRegex4Cleanup = ''): bool|int|string
@@ -87,6 +87,12 @@ function getParam(string $sKey, string $sRegex4Cleanup = ''): bool|int|string
*/
*/
function disallowGet(string $sVar, string $sValue): void
function disallowGet(string $sVar, string $sValue): void
{
{
 
if (isset($_POST[$sVar]) && $_POST[$sVar] == $sValue) {
 
// the value was found in the POST scope
 
// then we don't need to check the GET scope
 
return;
 
}
 
if (isset($_GET[$sVar]) && $_GET[$sVar] == $sValue) {
if (isset($_GET[$sVar]) && $_GET[$sVar] == $sValue) {
quit("ERROR: $sVar = $sValue is not allowed with GET.");
quit("ERROR: $sVar = $sValue is not allowed with GET.");
}
}
@@ -108,9 +114,7 @@ if (
@@ -108,9 +114,7 @@ if (
}
}
disallowGet('action', 'cleanup');
disallowGet('action', 'cleanup');
disallowGet('action', 'delete');
disallowGet('action', 'delete');
disallowGet('action', 'update');
// used by Anasible to update the value ... I disable it for now to fix it in the near future
// disallowGet('action', 'update');
$sProject = getParam('project', '/[^a-z\-\_0-9]/');
$sProject = getParam('project', '/[^a-z\-\_0-9]/');
$sPackage = getParam('package', '/[^a-z\-\_0-9]/');
$sPackage = getParam('package', '/[^a-z\-\_0-9]/');
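Review bot: In `disallowGet()` the new POST short-circuit and the existing GET test both compare the raw superglobal with a loose `==`, while the action that is later dispatched is presumably read through `getParam()`, which can apply a cleanup regex. If the two disagree on what counts as `update`, the guard and the dispatcher decide on different values. Since the intent is to refuse state-changing actions on GET requests, it would be more robust to test the request method together with the same normalised value, for example `if ($_SERVER['REQUEST_METHOD'] !== 'POST' && getParam($sVar) === $sValue)`, and at minimum to switch both comparisons to `===`. How `getParam()` resolves GET versus POST, the code that reads `action`, and the function's closing brace are outside the visible hunks, so confirm those first. The removed comment said the Ansible client used GET for `update`, so that caller should be confirmed to send POST before this is deployed.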