Small code fixes in API code

This commit is contained in:
2026-06-15 16:04:21 +02:00
parent 7429cd367d
commit 16be5448be
20 changed files with 64 additions and 75 deletions

View File

@@ -94,7 +94,7 @@ if ($API_devices->request_method === 'POST') {
$requestedPath = realpath($_SERVER['DOCUMENT_ROOT'] . $relativePath);
// Validate resolved path
if (!$requestedPath || strpos($requestedPath, $root) !== 0) {
if (!$requestedPath || !str_starts_with($requestedPath, $root)) {
http_response_code(403);
echo json_encode(['status' => 'error', 'message' => 'Access denied']);
exit;

View File

@@ -32,8 +32,6 @@ if ($API_office_stompjes->request_method === 'GET') {
$API_office_stompjes->addStomp();
$API_office_stompjes->apiOutput($code = 200, ['success' => 'stomp added successfully.']);
} elseif ($API_office_stompjes->request_method === 'DELETE') {
# Only superuser can delete permission due to fact that the backend needs programming when setting a permission

View File

@@ -24,7 +24,7 @@ if ($API_mailsettings->request_method === 'PUT') {
'mail_smtp_pass' => ['type' => 'string']
];
# check if the password is changed
$updatePassword = str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******') ? false : true;
$updatePassword = !str_contains($API_mailsettings->postedData['mail_smtp_pass'], '******');
if ($updatePassword) {
if (strlen($API_mailsettings->postedData['mail_smtp_pass']) < 12) {
$API_mailsettings->apiOutput(400, ['error' => 'Password too short']);

View File

@@ -9,9 +9,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_usersavatar = new API_usersavatar();
if ($API_usersavatar->request_method === 'GET') {
} elseif ($API_usersavatar->request_method === 'POST') {
if ($API_usersavatar->request_method === 'POST') {
# Reset a users password and send an email the user to set a new password
$API_usersavatar->postedData['user_profile_picture'] = $API_usersavatar->createUserImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
@@ -34,8 +32,4 @@ if ($API_usersavatar->request_method === 'GET') {
$API_usersavatar->apiOutput(200, ['success' => 'Avatar was successfully changed.']);
} elseif ($API_usersavatar->request_method === 'PUT') {
} elseif ($API_usersavatar->request_method === 'DELETE') {
}

View File

@@ -11,9 +11,7 @@ use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
$API_mfa = new API_mfa();
if ($API_mfa->request_method === 'GET') {
} elseif ($API_mfa->request_method === 'POST') {
if ($API_mfa->request_method === 'POST') {
# Set up a new MFA secret its posted from mfaSetup.php where it generated a secret
if (checkLoginAttempts() > 10) {
@@ -49,8 +47,6 @@ if ($API_mfa->request_method === 'GET') {
$API_mfa->enableMFA();
} elseif ($API_mfa->request_method === 'PUT') {
} elseif ($API_mfa->request_method === 'DELETE') {
# Delete a mfa code for a user

View File

@@ -12,9 +12,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_resetpassword = new API_resetpassword();
if ($API_resetpassword->request_method === 'GET') {
} elseif ($API_resetpassword->request_method === 'POST') {
if ($API_resetpassword->request_method === 'POST') {
# Reset a users password and send a mail to the user to set a new password
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
@@ -71,8 +69,4 @@ The Sentri gnomes
$mail->sendMail();
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
} elseif ($API_resetpassword->request_method === 'PUT') {
} elseif ($API_resetpassword->request_method === 'DELETE') {
}