
Commit 24d3022

committed
GHSA-9jr9-8ff3-m894 consistency w/ responses in node
1 parent 884d657 commit 24d3022


2 files changed

+50
-11
lines changed


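--- a/system/backend/php/lib/HAXCMS.php
+++ b/system/backend/php/lib/HAXCMS.php
@@ -852,7 +852,7 @@ public function pageBreakParser($body = '<page-break></page-break>') {
 /**
 * Generate a valid HAX App store specification schema for connecting to this site via JSON.
 */
-public function siteConnectionJSON($siteToken = '', $siteName = '')
+public function siteConnectionJSON($siteToken = '')
 {
 return '{
 "details": {
@@ -869,7 +869,7 @@ public function siteConnectionJSON($siteToken = '', $siteName = '')
 "operations": {
 "browse": {
 "method": "GET",
-"endPoint": "system/api/listFiles?site_token=' . $siteToken . '&siteName=' . $siteName . '",
+"endPoint": "system/api/listFiles?site_token=' . $siteToken . '",
 "pagination": {
 "style": "link",
 "props": {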
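Review bot: The new endPoint line still splices `$siteToken` raw into both a URL query string and a hand-built JSON string literal, so any `"`, `&`, `#` or non-ASCII byte in the token either breaks the json_decode() that consumes this output in generateAppStore or changes the query the client sends. The caller passes `$this->params['site_token']`, i.e. a request-supplied value, so the safe form is `"endPoint": "system/api/listFiles?site_token=' . rawurlencode($siteToken) . '",`, which neutralises both contexts at once. Longer term this method would be better off building an array and returning json_encode() of it rather than concatenating JSON text; siteConnectionJSON's body continues outside the hunk, so the rest of the literal was not reviewed here.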

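--- a/system/backend/php/lib/Operations.php
+++ b/system/backend/php/lib/Operations.php
@@ -256,9 +256,8 @@ public function rebuildManagedFiles() {
 * )
 */
 public function saveManifest() {
-// load the site from name
 if (isset($this->params['site_token']) && $GLOBALS['HAXCMS']->validateRequestToken($this->params['site_token'], $GLOBALS['HAXCMS']->getActiveUserName() . ':' . $this->params['site']['name'])) {
-
+// load the site from name
 $site = $GLOBALS['HAXCMS']->loadSite($this->params['site']['name']);
 // standard form submit
 // @todo
@@ -487,7 +486,7 @@ public function saveManifest() {
 else {
 return array(
 '__failed' => array(
-'status' => 500,
+'status' => 403,
 'message' => 'invalid site token',
 )
 );
@@ -709,7 +708,7 @@ public function saveOutline() {
 } else {
 return array(
 '__failed' => array(
-'status' => 500,
+'status' => 403,
 'message' => 'invalid site token',
 )
 );
@@ -884,8 +883,8 @@ public function createNode() {
 else {
 return array(
 '__failed' => array(
-'status' => 500,
-'message' => 'failed to create node',
+'status' => 403,
+'message' => 'invalid site token',
 )
 );
 }
@@ -1278,8 +1277,8 @@ public function deleteNode() {
 else {
 return array(
 '__failed' => array(
-'status' => 500,
-'message' => 'failed to delete',
+'status' => 403,
+'message' => 'invalid site token',
 )
 );
 }
@@ -1372,7 +1371,7 @@ public function generateAppStore() {
 }
 $appStore = $haxService->loadBaseAppStore($apikeys);
 // pull in the core one we supply, though only upload works currently
-$tmp = json_decode($GLOBALS['HAXCMS']->siteConnectionJSON($this->params['site_token'], $this->params['site']['name']));
+$tmp = json_decode($GLOBALS['HAXCMS']->siteConnectionJSON($this->params['site_token']));
 array_push($appStore, $tmp);
 if (isset($GLOBALS['HAXCMS']->config->appStore->stax)) {
 $staxList = $GLOBALS['HAXCMS']->config->appStore->stax;
@@ -1452,6 +1451,14 @@ public function getUserData() {
 'data' => $GLOBALS['HAXCMS']->userData
 );
 }
+else {
+return array(
+'__failed' => array(
+'status' => 403,
+'message' => 'invalid request token',
+)
+);
+}
 }
 /**
 * @OA\Post(
@@ -1904,6 +1911,14 @@ public function listSites() {
 "data" => $return
 );
 }
+else {
+return array(
+'__failed' => array(
+'status' => 403,
+'message' => 'invalid request token',
+)
+);
+}
 }
 /**
 * @OA\Post(
@@ -2240,6 +2255,14 @@ public function cloneSite() {
 ),
 );
 }
+else {
+return array(
+'__failed' => array(
+'status' => 403,
+'message' => 'invalid request token',
+)
+);
+}
 }
 /**
 * @OA\Post(
@@ -2324,6 +2347,14 @@ public function downloadSite() {
 )
 );
 }
+else {
+return array(
+'__failed' => array(
+'status' => 403,
+'message' => 'invalid request token',
+)
+);
+}
 }
 /**
 * @OA\Post(
@@ -2383,5 +2414,13 @@ public function archiveSite() {
 );
 }
 }
+else {
+return array(
+'__failed' => array(
+'status' => 403,
+'message' => 'invalid request token',
+)
+);
+}
 }
 }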
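Review bot: The `else` added to getUserData is the ninth hand-written copy of the same `'__failed' => array('status' => ..., 'message' => ...)` literal in this file (saveManifest, saveOutline, createNode, deleteNode, listSites, cloneSite, downloadSite and archiveSite carry the others), and that duplication is exactly how the 500-versus-403 and message drift this commit repairs crept in. A small private helper that builds the envelope would keep every rejection identical, so each new branch collapses to `return $this->failedResponse(403, 'invalid request token');`. Each added `else` pairs with an `if` whose condition lies outside its hunk, so I am assuming it is the request-token check; and whether the 403 in the body is also applied to the HTTP response status depends on the dispatcher, which is not shown. The messages 'invalid site token' and 'invalid request token' still differ after a consistency commit; if they guard different tokens that is fine, otherwise settle on one.
```php
/**
 * Build the uniform failure envelope returned when a site or request token does not validate.
 */
private function failedResponse(int $status, string $message): array {
    return array(
        '__failed' => array(
            'status' => $status,
            'message' => $message,
        )
    );
}
// … unchanged: getUserData body up to the token check …
else {
    return $this->failedResponse(403, 'invalid request token');
}
```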
