mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-23 22:09:29 +00:00
Improved conversations ID security check
This commit is contained in:
parent
50c2848a1b
commit
a0373ccdb6
@ -655,6 +655,21 @@ class conversations {
|
|||||||
return $messages;
|
return $messages;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether a conversation exists or not
|
||||||
|
*
|
||||||
|
* @param int $convID The ID of the conversation to check
|
||||||
|
* @return bool TRUE if it exists / false else
|
||||||
|
*/
|
||||||
|
public function exist(int $convID) : bool {
|
||||||
|
|
||||||
|
//Perform a request on the database
|
||||||
|
$tableName = $this->conversationsListTable;
|
||||||
|
|
||||||
|
return CS::get()->db->count($tableName, "WHERE ID = ?", array($convID)) > 0;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
//Register component
|
//Register component
|
||||||
|
@ -60,9 +60,9 @@ function numbers_list_to_array($list) : array{
|
|||||||
* Securely transform user given number (mixed) to integer (int)
|
* Securely transform user given number (mixed) to integer (int)
|
||||||
*
|
*
|
||||||
* @param Mixed $input The input variable (mixed)
|
* @param Mixed $input The input variable (mixed)
|
||||||
* @return Integer $output The output (safe integer)
|
* @return int $output The output (safe integer)
|
||||||
*/
|
*/
|
||||||
function toInt($input){
|
function toInt($input) : int{
|
||||||
return floor($input*1);
|
return floor($input*1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -161,3 +161,29 @@ function getPostUserID(string $name = "userID") : int {
|
|||||||
|
|
||||||
return $userID;
|
return $userID;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the ID of a conversation posted in a request and return
|
||||||
|
* if it is a valid ID
|
||||||
|
*
|
||||||
|
* @param string $name Optionnal, the name of the post field
|
||||||
|
* @return int $convID The ID of the conversation
|
||||||
|
*/
|
||||||
|
function getPostConversationID(string $name = "conversationID") : int {
|
||||||
|
|
||||||
|
//Get conversationID
|
||||||
|
if(!isset($_POST[$name]))
|
||||||
|
Rest_fatal_error(400, "Exepted conversation ID in '".$name."' !");
|
||||||
|
$conversationID = toInt($_POST[$name]);
|
||||||
|
|
||||||
|
//Check conversationID validity
|
||||||
|
if($conversationID < 1)
|
||||||
|
Rest_fatal_error(400, "Invalid conversation ID !");
|
||||||
|
|
||||||
|
//Check if conversation exists
|
||||||
|
if(!CS::get()->components->conversations->exist($conversationID))
|
||||||
|
Rest_fatal_error(404, "Specified conversation not found!");
|
||||||
|
|
||||||
|
return $conversationID;
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user