Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add additional validation logic to Update API methods to ensure model ID matches ID parameter

Browse Source
This commit is contained in:
sbwalker
2023-11-22 14:47:28 -05:00
parent fc186f1718
commit 14d36ef8dc
17 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Oqtane.Server/Controllers/FolderController.cs
View File

@ -204,7 +204,7 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Registered)]
public Folder Put(int id, [FromBody] Folder folder)
{
if (ModelState.IsValid && folder.SiteId == _alias.SiteId && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
if (ModelState.IsValid && folder.SiteId == _alias.SiteId && folder.FolderId == id && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
{
if (folder.IsPathValid())
{