Run custom field data through sanitizer when saving via API
[MAILPOET-5241]
committed by
Aschepikov
parent
bc950d0616
commit
6c2cda36b0
@ -9,6 +9,7 @@ use MailPoet\API\JSON\ResponseBuilders\CustomFieldsResponseBuilder;
|
||||
use MailPoet\Config\AccessControl;
|
||||
use MailPoet\CustomFields\CustomFieldsRepository;
|
||||
use MailPoet\Entities\CustomFieldEntity;
|
||||
use MailPoet\Form\ApiDataSanitizer;
|
||||
|
||||
class CustomFields extends APIEndpoint {
|
||||
public $permissions = [
|
||||
@ -21,12 +22,17 @@ class CustomFields extends APIEndpoint {
|
||||
/** @var CustomFieldsResponseBuilder */
|
||||
private $customFieldsResponseBuilder;
|
||||
|
||||
/** @var ApiDataSanitizer */
|
||||
private $dataSanitizer;
|
||||
|
||||
public function __construct(
|
||||
CustomFieldsRepository $customFieldsRepository,
|
||||
CustomFieldsResponseBuilder $customFieldsResponseBuilder
|
||||
CustomFieldsResponseBuilder $customFieldsResponseBuilder,
|
||||
ApiDataSanitizer $dataSanitizer
|
||||
) {
|
||||
$this->customFieldsRepository = $customFieldsRepository;
|
||||
$this->customFieldsResponseBuilder = $customFieldsResponseBuilder;
|
||||
$this->dataSanitizer = $dataSanitizer;
|
||||
}
|
||||
|
||||
public function getAll() {
|
||||
@ -51,6 +57,7 @@ class CustomFields extends APIEndpoint {
|
||||
|
||||
public function save($data = []) {
|
||||
try {
|
||||
$data = $this->dataSanitizer->sanitizeBlock($data);
|
||||
$customField = $this->customFieldsRepository->createOrUpdate($data);
|
||||
$customField = $this->customFieldsRepository->findOneById($customField->getId());
|
||||
if(!$customField instanceof CustomFieldEntity) return $this->errorResponse();
|
||||
|
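Review bot: The new `$data = $this->dataSanitizer->sanitizeBlock($data);` line in `save()` reuses the form-block sanitizer from `MailPoet\Form`, and nothing visible here shows which keys of a custom-field payload it actually cleans. If it covers only some fields, the others would still reach `createOrUpdate()` unchanged, so a test that saves markup in each user-editable field and checks the stored result would pin the coverage down. A short comment above the call would help as well, e.g. `// Sanitize HTML-capable fields before persisting; see ApiDataSanitizer::sanitizeBlock for the covered keys`. The check only affects values written through this endpoint, so records saved earlier, and the code that renders them, still need output escaping. The body of `save()` continues past the end of the hunk.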