From 9041c21b8bed2a64fd9c6312fd11529fbfd51d55 Mon Sep 17 00:00:00 2001
From: Maxi Redigonda
Date: Thu, 10 Oct 2019 16:03:44 -0300
Subject: [PATCH] Fix lack of sanitization for path ticket/edit-comment

---
 server/controllers/ticket/edit-comment.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php
index a3f6bfc2..c924694b 100644
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@@ -10,16 +10,16 @@ DataValidator::with('CustomValidations', true);
  *
  * @apiGroup Ticket
  *
- * @apiDescription This path edit a comment.
+ * @apiDescription This path edits a comment.
  *
  * @apiPermission user
  *
  * @apiParam {String} content The new content of the comment.
  * @apiParam {Number} ticketEventId The id of the ticket event.
- * @apiParam {Number} ticketNumber The id of the ticket number.
+ * @apiParam {Number} ticketNumber The number of the ticket.
  *
  * @apiUse NO_PERMISSION
- * @apiUse INVALID_CONENT
+ * @apiUse INVALID_CONTENT
  *
  * @apiSuccess {Object} data Empty object
  *
@@ -43,7 +43,7 @@ class EditCommentController extends Controller {
     public function handler() {
         $user = Controller::getLoggedUser();
-        $newcontent = Controller::request('content');
+        $newcontent = Controller::request('content', true);
         $ticketNumberLog = null;
         $ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
@@ -69,7 +69,7 @@ class EditCommentController extends Controller {
             $ticketevent->content = $newcontent;
             $ticketevent->editedContent = true;
             $ticketevent->store();
-        }else{
+        } else {
             $ticketNumber = $ticket->ticketNumber;
             $ticket->content = $newcontent;
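Review bot: The bare positional `true` in `Controller::request('content', true)` is the whole security fix of this commit, yet nothing on the line says what it does; a comment such as `// second argument: return the sanitized form of the submitted content, not the raw request value` (or a named constant in place of the literal) would keep the next maintainer from dropping it as noise. If the `content` field is also checked by the controller's `validations()` method, which is outside this hunk, that check presumably runs on the raw value, so the sanitized string stored later may differ from what was validated and could even end up empty after markup is removed; consider rejecting an empty `$newcontent` right after this line rather than persisting it. `ticketEventId` on the following line is still read without the flag, which is acceptable only if the validator constrains it to a numeric id. The body of `handler()` continues past the end of the hunk.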