URGENT: Securityfix for new API

int2001
2026-02-20 13:43:13 +00:00
parent 42a4924313
commit 93a6e10662
2 changed files with 13 additions and 0 deletions


@@ -747,6 +747,7 @@ class API extends CI_Controller {
echo json_encode(['status' => 'failed', 'reason' => "missing api key"]);
die();
}
$api_user_id = $this->api_model->key_userid($obj['key']);
if(!isset($obj['logbook_public_slug'])) {
http_response_code(400);
echo json_encode(['status' => 'failed', 'reason' => "missing fields"]);
@@ -765,6 +766,11 @@ class API extends CI_Controller {
$cnfm = null;
}
$this->load->model('logbooks_model');
if(!$this->logbooks_model->public_slug_belongs_to_user($logbook_slug, $api_user_id)) {
http_response_code(403);
echo json_encode(['status' => 'failed', 'reason' => "logbook does not belong to this api key"]);
die();
}
if($this->logbooks_model->public_slug_exists($logbook_slug)) {
$logbook_id = $this->logbooks_model->public_slug_exists_logbook_id($logbook_slug);
if($logbook_id != false)
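Review bot: The new ownership check `public_slug_belongs_to_user($logbook_slug, $api_user_id)` is only as strong as `$api_user_id`, and nothing visible between the `key_userid($obj['key'])` lookup and the check confirms that the lookup returned a real user id. The key validation sits above the first hunk and the model method is in the other changed file, so this may already be covered. If `key_userid()` can return `false`, `null` or an empty value for an unknown or disabled key, an explicit guard right after the lookup would make the endpoint fail closed regardless of how the model compares ids: `if (empty($api_user_id)) { http_response_code(401); echo json_encode(['status' => 'failed', 'reason' => "invalid api key"]); die(); }`. A short comment above the 403 block, such as `// Authorization: the slug must belong to the user who owns this API key`, would help keep the check in place during later refactors. The enclosing method starts and ends outside both hunks.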