tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix lack of sanitization for path ticket/edit-comment

This commit is contained in:
Maxi Redigonda 2019-10-10 16:03:44 -03:00
parent 620cd6b876
commit 9041c21b8b
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
server/controllers/ticket/edit-comment.php
View File

@ -10,16 +10,16 @@ DataValidator::with('CustomValidations', true);
*
* @apiGroup Ticket
*
* @apiDescription This path edit a comment.
* @apiDescription This path edits a comment.
*
* @apiPermission user
*
* @apiParam {String} content The new content of the comment.
* @apiParam {Number} ticketEventId The id of the ticket event.
* @apiParam {Number} ticketNumber The id of the ticket number.
* @apiParam {Number} ticketNumber The number of the ticket.
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_CONENT
* @apiUse INVALID_CONTENT
*
* @apiSuccess {Object} data Empty object
*
@ -43,7 +43,7 @@ class EditCommentController extends Controller {
public function handler() {
$user = Controller::getLoggedUser();
$newcontent = Controller::request('content');
$newcontent = Controller::request('content', true);
$ticketNumberLog = null;
$ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
@ -69,7 +69,7 @@ class EditCommentController extends Controller {
$ticketevent->content = $newcontent;
$ticketevent->editedContent = true;
$ticketevent->store();
}else{
} else {
$ticketNumber = $ticket->ticketNumber;
$ticket->content = $newcontent;