From 778e7b335e3d8aaa720c013ee7abd8c8bfcf5b9b Mon Sep 17 00:00:00 2001
From: yuri
Date: Fri, 14 Aug 2015 16:54:50 +0300
Subject: [PATCH] request check fixes
---
 application/Espo/Controllers/ExternalAccount.php | 16 ++++++++++------
 application/Espo/Controllers/Integration.php | 2 +-
 application/Espo/Controllers/Layout.php | 4 ++--
 application/Espo/Controllers/Preferences.php | 4 ++--
 application/Espo/Controllers/Settings.php | 4 ++--
 5 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/application/Espo/Controllers/ExternalAccount.php b/application/Espo/Controllers/ExternalAccount.php
index 9e8db6ee2b..2dde3bf1c4 100644
--- a/application/Espo/Controllers/ExternalAccount.php
+++ b/application/Espo/Controllers/ExternalAccount.php
@@ -18,12 +18,13 @@
 *
 * You should have received a copy of the GNU General Public License
 * along with EspoCRM. If not, see http://www.gnu.org/licenses/.
- ************************************************************************/
+ ************************************************************************/
 namespace Espo\Controllers;
 use \Espo\Core\Exceptions\Error;
 use \Espo\Core\Exceptions\Forbidden;
+use \Espo\Core\Exceptions\BadRequest;
 class ExternalAccount extends \Espo\Core\Controllers\Record
 {
@@ -34,7 +35,7 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
 $integrations = $this->getEntityManager()->getRepository('Integration')->find();
 $arr = array();
 foreach ($integrations as $entity) {
- if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {
+ if ($entity->get('enabled') && $this->getMetadata()->get('integrations.' . $entity->id .'.allowUserAccounts')) {
 $arr[] = array( 'id' => $entity->id );
@@ -77,15 +78,18 @@ class ExternalAccount extends \Espo\Core\Controllers\Record
 return $entity->toArray();
 }
- public function actionUpdate($params, $data)
+ public function actionUpdate($params, $data, $request)
 {
- return $this->actionPatch($params, $data);
+ return $this->actionPatch($params, $data, $request);
 }
- public function actionPatch($params, $data)
+ public function actionPatch($params, $data, $request)
 {
- list($integration, $userId) = explode('__', $params['id']);
+ if (!$request->isPost() && !$request->isPatch()) {
+ throw new BadRequest();
+ }
+ list($integration, $userId) = explode('__', $params['id']);
 if ($this->getUser()->id != $userId) {
 throw new Forbidden();
diff --git a/application/Espo/Controllers/Integration.php b/application/Espo/Controllers/Integration.php
index 023ea3bbc5..34557a5820 100644
--- a/application/Espo/Controllers/Integration.php
+++ b/application/Espo/Controllers/Integration.php
@@ -51,7 +51,7 @@ class Integration extends \Espo\Core\Controllers\Record
 public function actionUpdate($params, $data, $request)
 {
- return $this->actionPatch($params, $data);
+ return $this->actionPatch($params, $data, $request);
 }
 public function actionPatch($params, $data, $request)
diff --git a/application/Espo/Controllers/Layout.php b/application/Espo/Controllers/Layout.php
index fe638597ab..911f011b25 100644
--- a/application/Espo/Controllers/Layout.php
+++ b/application/Espo/Controllers/Layout.php
@@ -62,9 +62,9 @@ class Layout extends \Espo\Core\Controllers\Base
 return $layoutManager->get($params['scope'], $params['name']);
 }
- public function actionPatch($params, $data)
+ public function actionPatch($params, $data, $request)
 {
- return $this->actionUpdate($params, $data);
+ return $this->actionUpdate($params, $data, $request);
 }
 public function actionResetToDefault($params, $data, $request)
diff --git a/application/Espo/Controllers/Preferences.php b/application/Espo/Controllers/Preferences.php
index cdfcf5bef2..5a19f98b6b 100644
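Review bot: The guard added to `ExternalAccount::actionPatch` accepts only POST and PATCH, while `actionUpdate` now forwards its `$request` straight into it; if `actionUpdate` is what the router calls for PUT (the routing is not part of this diff), every PUT update will now end in `BadRequest`. In that case the condition should be `if (!$request->isPut() && !$request->isPatch()) {`, provided the request object has `isPut()`. The same forwarding is added in Integration.php and Settings.php (update to patch) and in Layout.php and Preferences.php (patch to update), where the receiving method's guard is outside the hunk, so each one needs checking against both verbs. Just below the guard, `explode('__', $params['id'])` leaves `$userId` unset for an id without `__` and the ownership test uses loose `!=`; `!==` would keep PHP's numeric-string comparison out of the authorization decision. `actionPatch` continues past the end of the hunk.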
--- a/application/Espo/Controllers/Preferences.php
+++ b/application/Espo/Controllers/Preferences.php
@@ -67,9 +67,9 @@ class Preferences extends \Espo\Core\Controllers\Base
 return $this->getEntityManager()->getRepository('Preferences')->resetToDefaults($userId);
 }
- public function actionPatch($params, $data)
+ public function actionPatch($params, $data, $request)
 {
- return $this->actionUpdate($params, $data);
+ return $this->actionUpdate($params, $data, $request);
 }
 public function actionUpdate($params, $data, $request)
diff --git a/application/Espo/Controllers/Settings.php b/application/Espo/Controllers/Settings.php
index 92f74e2d68..b621982094 100644
--- a/application/Espo/Controllers/Settings.php
+++ b/application/Espo/Controllers/Settings.php
@@ -47,9 +47,9 @@ class Settings extends \Espo\Core\Controllers\Base
 return $this->getConfigData();
 }
- public function actionUpdate($params, $data)
+ public function actionUpdate($params, $data, $request)
 {
- return $this->actionPatch($params, $data);
+ return $this->actionPatch($params, $data, $request);
 }
 public function actionPatch($params, $data, $request)