Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add additional validation logic to Update API methods to ensure model ID matches ID parameter

Browse Source
This commit is contained in:
sbwalker
2023-11-22 14:47:28 -05:00
parent fc186f1718
commit 14d36ef8dc
17 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Oqtane.Server/Controllers/AliasController.cs
View File

@ -76,7 +76,7 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Host)]
public Alias Put(int id, [FromBody] Alias alias)
{
if (ModelState.IsValid && _aliases.GetAlias(alias.AliasId, false) != null)
if (ModelState.IsValid && alias.AliasId == id && _aliases.GetAlias(alias.AliasId, false) != null)
{
alias = _aliases.UpdateAlias(alias);
_syncManager.AddSyncEvent(alias.TenantId, EntityNames.Alias, alias.AliasId, SyncEventActions.Update);