Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add additional validation logic to Update API methods to ensure model ID matches ID parameter

Browse Source
This commit is contained in:
sbwalker
2023-11-22 14:47:28 -05:00
parent fc186f1718
commit 14d36ef8dc
17 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Oqtane.Server/Controllers/FileController.cs
View File

@ -207,7 +207,7 @@ namespace Oqtane.Controllers
public Models.File Put(int id, [FromBody] Models.File file)
{
var File = _files.GetFile(file.FileId, false);
if (ModelState.IsValid && file.Folder.SiteId == _alias.SiteId && File != null // ensure file exists
if (ModelState.IsValid && file.Folder.SiteId == _alias.SiteId && file.FileId == id && File != null // ensure file exists
&& _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, File.FolderId, PermissionNames.Edit) // ensure user had edit rights to original folder
&& _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, file.FolderId, PermissionNames.Edit)) // ensure user has edit rights to new folder
{