Merge pull request #9953 from firefly-iii/fix-9876

Fix #9876
James Cole
2025-03-09 10:35:38 +01:00
committed by GitHub
2 changed files with 14 additions and 5 deletions


@@ -50,13 +50,19 @@ class AcceptHeaders
throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept')));
}
// if bad 'Content-Type' header, refuse service.
if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type')) {
// some routes are exempt from this.
$exempt = [
'api.v1.data.bulk.transactions'
];
if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type') && !in_array($request->route()->getName(), $exempt, true)) {
$error = new BadHttpHeaderException('Content-Type header cannot be empty.');
$error->statusCode = 415;
throw $error;
}
if (('POST' === $method || 'PUT' === $method) && !$this->acceptsHeader($submitted, $contentTypes)) {
if (('POST' === $method || 'PUT' === $method) && !$this->acceptsHeader($submitted, $contentTypes) && !in_array($request->route()->getName(), $exempt, true)) {
$error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted));
$error->statusCode = 415;
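Review bot: The exemption added to the second condition lets `api.v1.data.bulk.transactions` bypass the Content-Type allow-list even when a header is present, so this state-changing route now accepts any media type, whereas the linked fix appears to need only the missing-header case. I would keep the exemption on the first check and narrow the second to `... && !$this->acceptsHeader($submitted, $contentTypes) && !($isExempt && !$request->hasHeader('Content-Type'))`. The route-name lookup is also duplicated and dereferences `$request->route()` without a null check; computing it once as `$isExempt = in_array($request->route()?->getName(), $exempt, true);` covers both, assuming the project's PHP version allows `?->`. A short comment next to `$exempt` saying why the route is exempt (presumably because it is called without a body) would help keep the list from growing unreviewed. The enclosing method starts and ends outside the hunk.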


@@ -33,10 +33,13 @@ trait ValidatesBulkTransactionQuery
{
$data = $validator->getData();
// assumption is all validation has already taken place and the query key exists.
$json = json_decode($data['query'], true, 8, JSON_THROW_ON_ERROR);
$query =$data['query'] ?? '[]';
$json = json_decode($query, true, 8, JSON_THROW_ON_ERROR);
if (array_key_exists('account_id', $json['where'])
&& array_key_exists('account_id', $json['update'])
if (
array_key_exists('where', $json) &&
array_key_exists('update', $json) &&
array_key_exists('account_id', $json['where']) && array_key_exists('account_id', $json['update'])
) {
// find both accounts, must be same type.
// already validated: belongs to this user.
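Review bot: The new `array_key_exists('where', $json)` guards check key presence but not type, so a `query` value that decodes to a scalar, or whose `where`/`update` entries are not objects, would still raise a `TypeError` here instead of producing a validation error. Since `query` is request input, the condition could start with `is_array($json) && is_array($json['where'] ?? null) && is_array($json['update'] ?? null)` before the two `account_id` checks. `json_decode` with `JSON_THROW_ON_ERROR` also throws `JsonException` on malformed JSON; no catch is visible in the hunk, so confirm an earlier rule rejects invalid JSON or catch it and add a validator error. The comment above `$query` still says the key is assumed to exist, which the `?? '[]'` fallback now contradicts. The method's signature and the rest of its body lie outside the hunk.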