From 74ed32903f047e5bb0cce09a63c3e778779fd5a2 Mon Sep 17 00:00:00 2001 From: Ivan Nieto Vivanco Date: Tue, 17 Oct 2023 15:48:51 -0600 Subject: [PATCH 1/5] Adds condition to check if parameter is of the proper type --- app/Models/Asset.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/Models/Asset.php b/app/Models/Asset.php index 1ce38bca0..a3e00ee94 100644 --- a/app/Models/Asset.php +++ b/app/Models/Asset.php @@ -220,7 +220,9 @@ class Asset extends Depreciable } } - + if (!is_array($params)){ + return false; + } return parent::save($params); } From 388e4c10c46e1b5286fd4c80ffc44ae9f9aab548 Mon Sep 17 00:00:00 2001 From: spencerrlongg Date: Tue, 17 Oct 2023 19:03:58 -0500 Subject: [PATCH 2/5] catch custom fields that are arrays --- app/Http/Controllers/Api/AssetsController.php | 5 ++++- app/Models/Asset.php | 4 ---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php index e49edc4db..4d146d361 100644 --- a/app/Http/Controllers/Api/AssetsController.php +++ b/app/Http/Controllers/Api/AssetsController.php @@ -530,7 +530,6 @@ class AssetsController extends Controller * @author [A. Gianotto] [] * @param \App\Http\Requests\ImageUploadRequest $request * @since [v4.0] - * @return JsonResponse */ public function store(ImageUploadRequest $request) { @@ -579,6 +578,10 @@ class AssetsController extends Controller if (($model) && ($model->fieldset)) { foreach ($model->fieldset->fields as $field) { + //reduce "array to string conversion" exceptions - ideally we'd handle this in a form request, but this works for now + if(is_array($request->input($field->db_column, null))) { + return response()->json(Helper::formatStandardApiResponse('error', null, 'This custom field can not be an array', 200)); + } // Set the field value based on what was sent in the request $field_val = $request->input($field->db_column, null); 
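Review bot: In PATCH 2/5, the guard added to `store()` (hunk `@@ -579,6 +578,10 @@` of app/Http/Controllers/Api/AssetsController.php) passes `200` inside the `Helper::formatStandardApiResponse(...)` call rather than as the status argument of `json()`. If the helper only takes a status, a payload and messages, that value is silently discarded. The message also does not say which custom field was rejected, so a client that sends several fields cannot tell which one to fix; `'The ' . $field->db_column . ' field can not be an array'` would. The same line is carried unchanged into PATCH 3/5. As far as this hunk shows, only the `store()` path gets the check; `store()` itself starts and ends outside the hunk.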
diff --git a/app/Models/Asset.php b/app/Models/Asset.php index a3e00ee94..7bce0df24 100644 --- a/app/Models/Asset.php +++ b/app/Models/Asset.php @@ -220,10 +220,6 @@ class Asset extends Depreciable } } - if (!is_array($params)){ - return false; - } - return parent::save($params); } From f7bb911b99e769fb572ed9efd149c68c3b92e5a2 Mon Sep 17 00:00:00 2001 From: spencerrlongg Date: Tue, 17 Oct 2023 19:06:53 -0500 Subject: [PATCH 3/5] clean up --- app/Http/Controllers/Api/AssetsController.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php index 4d146d361..bce5354b7 100644 --- a/app/Http/Controllers/Api/AssetsController.php +++ b/app/Http/Controllers/Api/AssetsController.php @@ -578,14 +578,15 @@ class AssetsController extends Controller if (($model) && ($model->fieldset)) { foreach ($model->fieldset->fields as $field) { - //reduce "array to string conversion" exceptions - ideally we'd handle this in a form request, but this works for now - if(is_array($request->input($field->db_column, null))) { - return response()->json(Helper::formatStandardApiResponse('error', null, 'This custom field can not be an array', 200)); - } // Set the field value based on what was sent in the request $field_val = $request->input($field->db_column, null); + //reduce "array to string conversion" exceptions - ideally we'd handle this in a form request, but this works for now + if(is_array($field_val)) { + return response()->json(Helper::formatStandardApiResponse('error', null, 'This custom field can not be an array', 200)); + } + // If input value is null, use custom field's default value if ($field_val == null) { \Log::debug('Field value for '.$field->db_column.' is null'); From 38de69b3da8829ab6deb8cdd540eec8b0e0f09d5 Mon Sep 17 00:00:00 2001 
From: spencerrlongg Date: Wed, 18 Oct 2023 12:41:24 -0500 Subject: [PATCH 4/5] new validation rule --- app/Http/Controllers/Api/AssetsController.php | 5 ----- app/Models/CustomFieldset.php | 2 ++ app/Providers/ValidationServiceProvider.php | 4 ++++ resources/lang/en/validation.php | 1 + 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/app/Http/Controllers/Api/AssetsController.php b/app/Http/Controllers/Api/AssetsController.php index bce5354b7..e42c82841 100644 --- a/app/Http/Controllers/Api/AssetsController.php +++ b/app/Http/Controllers/Api/AssetsController.php @@ -582,11 +582,6 @@ class AssetsController extends Controller // Set the field value based on what was sent in the request $field_val = $request->input($field->db_column, null); - //reduce "array to string conversion" exceptions - ideally we'd handle this in a form request, but this works for now - if(is_array($field_val)) { - return response()->json(Helper::formatStandardApiResponse('error', null, 'This custom field can not be an array', 200)); - } - // If input value is null, use custom field's default value if ($field_val == null) { \Log::debug('Field value for '.$field->db_column.' is null'); diff --git a/app/Models/CustomFieldset.php b/app/Models/CustomFieldset.php index a2698d818..a62f96d63 100644 --- a/app/Models/CustomFieldset.php +++ b/app/Models/CustomFieldset.php @@ -92,6 +92,8 @@ class CustomFieldset extends Model array_push($rule, $field->attributes['format']); $rules[$field->db_column_name()] = $rule; + //add not_array to rules for all fields + $rules[$field->db_column_name()][] = 'not_array'; } return $rules; diff --git a/app/Providers/ValidationServiceProvider.php b/app/Providers/ValidationServiceProvider.php index d7a3c0377..70fa64702 100644 --- a/app/Providers/ValidationServiceProvider.php +++ b/app/Providers/ValidationServiceProvider.php 
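Review bot: In app/Models/CustomFieldset.php the new `not_array` rule is appended for every field regardless of its type. Any custom field whose form element legitimately submits several values (a checkbox group, for instance; none is visible in this hunk) would then fail validation on every request. If such an element exists, gate the rule on the field's element type; otherwise say in the comment that all custom fields are scalar by design. The append can also be written as `$rule[] = 'not_array';` before the assignment to `$rules`, which avoids indexing `$rules` twice. The enclosing method begins outside the hunk.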
@@ -232,6 +232,10 @@ class ValidationServiceProvider extends ServiceProvider return true; } }); + + Validator::extend('not_array', function ($attribute, $value, $parameters, $validator) { + return !is_array($value); + }); } /** diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php index df514da6f..7720fda79 100644 --- a/resources/lang/en/validation.php +++ b/resources/lang/en/validation.php @@ -95,6 +95,7 @@ return [ 'url' => 'The :attribute format is invalid.', 'unique_undeleted' => 'The :attribute must be unique.', 'non_circular' => 'The :attribute must not create a circular reference.', + 'not_array' => 'The :attribute field can not be an array.', 'disallow_same_pwd_as_user_fields' => 'Password cannot be the same as the username.', 'letters' => 'Password must contain at least one letter.', 'numbers' => 'Password must contain at least one number.', From 6b745930b5dcc8b0eba5e146a3c8df0849000765 Mon Sep 17 00:00:00 2001 From: spencerrlongg Date: Wed, 18 Oct 2023 13:00:13 -0500 Subject: [PATCH 5/5] what typo? --- resources/lang/en/validation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php index 7720fda79..bb35515fd 100644 --- a/resources/lang/en/validation.php +++ b/resources/lang/en/validation.php @@ -95,7 +95,7 @@ return [ 'url' => 'The :attribute format is invalid.', 'unique_undeleted' => 'The :attribute must be unique.', 'non_circular' => 'The :attribute must not create a circular reference.', - 'not_array' => 'The :attribute field can not be an array.', + 'not_array' => 'The :attribute field cannot be an array.', 'disallow_same_pwd_as_user_fields' => 'Password cannot be the same as the username.', 'letters' => 'Password must contain at least one letter.', 'numbers' => 'Password must contain at least one number.',
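Review bot: The `not_array` extension in app/Providers/ValidationServiceProvider.php has no comment saying why it exists, and PATCH 4/5 deletes the only explanation the series had (the controller comment about "array to string conversion" exceptions). A one-line comment above the `Validator::extend` call would keep that reasoning, e.g. `// Reject array input (field[]=x) for attributes stored as scalars, so it never reaches a string conversion.` The diffstat for this patch lists no test file; a request test that posts an array for a custom field and expects the `not_array` message would pin the behavior. The enclosing method starts outside the hunk.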