Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Run custom field data through sanitizer when saving via API

Browse Source 
[MAILPOET-5241]
This commit is contained in:
Rostislav Wolny
2023-04-18 13:51:21 +02:00
committed by Aschepikov
parent bc950d0616
commit 6c2cda36b0
3 changed files with 44 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
mailpoet/lib/API/JSON/v1/CustomFields.php
View File

@ -9,6 +9,7 @@ use MailPoet\API\JSON\ResponseBuilders\CustomFieldsResponseBuilder;
use MailPoet\Config\AccessControl;
use MailPoet\CustomFields\CustomFieldsRepository;
use MailPoet\Entities\CustomFieldEntity;
use MailPoet\Form\ApiDataSanitizer;
class CustomFields extends APIEndpoint {
public $permissions = [
@ -21,12 +22,17 @@ class CustomFields extends APIEndpoint {
/** @var CustomFieldsResponseBuilder */
private $customFieldsResponseBuilder;
/** @var ApiDataSanitizer */
private $dataSanitizer;
public function __construct(
CustomFieldsRepository $customFieldsRepository,
CustomFieldsResponseBuilder $customFieldsResponseBuilder
CustomFieldsResponseBuilder $customFieldsResponseBuilder,
ApiDataSanitizer $dataSanitizer
) {
$this->customFieldsRepository = $customFieldsRepository;
$this->customFieldsResponseBuilder = $customFieldsResponseBuilder;
$this->dataSanitizer = $dataSanitizer;
}
public function getAll() {
@ -51,6 +57,7 @@ class CustomFields extends APIEndpoint {
public function save($data = []) {
try {
$data = $this->dataSanitizer->sanitizeBlock($data);
$customField = $this->customFieldsRepository->createOrUpdate($data);
$customField = $this->customFieldsRepository->findOneById($customField->getId());
if(!$customField instanceof CustomFieldEntity) return $this->errorResponse();