Skip to content

Commit

Permalink
fix(question): prevent bad request
Browse files Browse the repository at this point in the history
may try to load a itemtype represented by a class named '0'

Signed-off-by: Thierry Bugier <tbugier@teclib.com>
  • Loading branch information
btry committed Jan 28, 2021
1 parent d6adbbf commit ea66d63
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
2 changes: 1 addition & 1 deletion ajax/commontree.php
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
$depth = $_GET['maxDepth'];

// This should only be used for dropdowns
if (!is_a($itemtype, CommonTreeDropdown::class, true)) {
if ((int) $itemtype == $itemtype || !is_a($itemtype, CommonTreeDropdown::class, true)) {
http_response_code(400);
die;
}
Expand Down
5 changes: 5 additions & 0 deletions js/scripts.js.php
Original file line number Diff line number Diff line change
Expand Up @@ -1318,6 +1318,11 @@ function plugin_formcreator_changeDropdownItemtype(rand) {
$('.plugin_formcreator_dropdown_ticket').toggle(showTicketCategorySpecific);
$('.plugin_formcreator_dropdown_service_level').toggle();

if (!isNaN(dropdown_type)) {
// The variable seems not to be a itemtype
return;
}

$.ajax({
url: formcreatorRootDoc + '/ajax/commontree.php',
type: 'GET',
Expand Down

0 comments on commit ea66d63

Please sign in to comment.