Small code fixes in API code
This commit is contained in:
@@ -94,7 +94,7 @@ if ($API_devices->request_method === 'POST') {
|
||||
$requestedPath = realpath($_SERVER['DOCUMENT_ROOT'] . $relativePath);
|
||||
|
||||
// Validate resolved path
|
||||
if (!$requestedPath || strpos($requestedPath, $root) !== 0) {
|
||||
if (!$requestedPath || !str_starts_with($requestedPath, $root)) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Access denied']);
|
||||
exit;
|
||||
|
||||
@@ -32,8 +32,6 @@ if ($API_office_stompjes->request_method === 'GET') {
|
||||
|
||||
$API_office_stompjes->addStomp();
|
||||
|
||||
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
|
||||
|
||||
} elseif ($API_office_stompjes->request_method === 'DELETE') {
|
||||
|
||||
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission
|
||||
|
||||
@@ -24,7 +24,7 @@ if ($API_mailsettings->request_method === 'PUT') {
|
||||
'mail_smtp_pass' => ['type' => 'string']
|
||||
];
|
||||
# check if the password is changed
|
||||
$updatePassword = str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******') ? false : true;
|
||||
$updatePassword = !str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******');
|
||||
if ($updatePassword) {
|
||||
if (strlen($API_mailsettings->postedData['mail_smtp_pass']) < 12) {
|
||||
$API_mailsettings->apiOutput(400, ['error' => 'Password too short']);
|
||||
|
||||
@@ -9,9 +9,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
|
||||
|
||||
$API_usersavatar = new API_usersavatar();
|
||||
|
||||
if ($API_usersavatar->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_usersavatar->request_method === 'POST') {
|
||||
if ($API_usersavatar->request_method === 'POST') {
|
||||
# Reset a users password and send an email the user to set a new password
|
||||
|
||||
$API_usersavatar->postedData['user_profile_picture'] = $API_usersavatar->createUserImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
|
||||
@@ -34,8 +32,4 @@ if ($API_usersavatar->request_method === 'GET') {
|
||||
|
||||
$API_usersavatar->apiOutput(200, ['success' => 'Avatar was successfully changed.']);
|
||||
|
||||
} elseif ($API_usersavatar->request_method === 'PUT') {
|
||||
|
||||
} elseif ($API_usersavatar->request_method === 'DELETE') {
|
||||
|
||||
}
|
||||
@@ -11,9 +11,7 @@ use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
|
||||
|
||||
$API_mfa = new API_mfa();
|
||||
|
||||
if ($API_mfa->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_mfa->request_method === 'POST') {
|
||||
if ($API_mfa->request_method === 'POST') {
|
||||
# Set up a new MFA secret its posted from mfaSetup.php where it generated a secret
|
||||
|
||||
if (checkLoginAttempts() > 10) {
|
||||
@@ -49,8 +47,6 @@ if ($API_mfa->request_method === 'GET') {
|
||||
|
||||
$API_mfa->enableMFA();
|
||||
|
||||
} elseif ($API_mfa->request_method === 'PUT') {
|
||||
|
||||
} elseif ($API_mfa->request_method === 'DELETE') {
|
||||
|
||||
# Delete a mfa code for a user
|
||||
|
||||
@@ -12,9 +12,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
|
||||
|
||||
$API_resetpassword = new API_resetpassword();
|
||||
|
||||
if ($API_resetpassword->request_method === 'GET') {
|
||||
|
||||
} elseif ($API_resetpassword->request_method === 'POST') {
|
||||
if ($API_resetpassword->request_method === 'POST') {
|
||||
# Reset a users password and send a mail to the user to set a new password
|
||||
|
||||
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
|
||||
@@ -71,8 +69,4 @@ The Sentri gnomes
|
||||
$mail->sendMail();
|
||||
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
|
||||
|
||||
} elseif ($API_resetpassword->request_method === 'PUT') {
|
||||
|
||||
} elseif ($API_resetpassword->request_method === 'DELETE') {
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user