IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix vulnerabilities reported by Stefan Schiller from Sonar. Thanks!

Browse Source
This commit is contained in:
James Cole 2023-12-20 16:43:15 +01:00
parent bf5a15077d
commit 28021aa711
No known key found for this signature in database
GPG Key ID: B49A324B7EAD6D80
4 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/Services/Internal/Update/JournalUpdateService.php
View File

@ -25,6 +25,7 @@ namespace FireflyIII\Services\Internal\Update;
use Carbon\Carbon; use Carbon\Carbon;
use Carbon\Exceptions\InvalidDateException; use Carbon\Exceptions\InvalidDateException;
use Carbon\Exceptions\InvalidFormatException;
use FireflyIII\Events\TriggeredAuditLog; use FireflyIII\Events\TriggeredAuditLog;
use FireflyIII\Exceptions\FireflyException; use FireflyIII\Exceptions\FireflyException;
use FireflyIII\Factory\TagFactory; use FireflyIII\Factory\TagFactory;
@ -662,7 +663,7 @@ class JournalUpdateService
if ($this->hasFields([$field])) { if ($this->hasFields([$field])) {
try { try {
$value = '' === (string)$this->data[$field] ? null : new Carbon($this->data[$field]); $value = '' === (string)$this->data[$field] ? null : new Carbon($this->data[$field]);
} catch (InvalidDateException $e) { // @phpstan-ignore-line } catch (InvalidDateException|InvalidFormatException $e) { // @phpstan-ignore-line
app('log')->debug(sprintf('%s is not a valid date value: %s', $this->data[$field], $e->getMessage())); app('log')->debug(sprintf('%s is not a valid date value: %s', $this->data[$field], $e->getMessage()));
return; return;

5
app/Support/Binder/Date.php
View File

@ -25,6 +25,7 @@ namespace FireflyIII\Support\Binder;
use Carbon\Carbon; use Carbon\Carbon;
use Carbon\Exceptions\InvalidDateException; use Carbon\Exceptions\InvalidDateException;
use Carbon\Exceptions\InvalidFormatException;
use FireflyIII\Helpers\Fiscal\FiscalHelperInterface; use FireflyIII\Helpers\Fiscal\FiscalHelperInterface;
use Illuminate\Routing\Route; use Illuminate\Routing\Route;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@ -71,10 +72,10 @@ class Date implements BinderInterface
try { try {
$result = new Carbon($value); $result = new Carbon($value);
} catch (InvalidDateException $e) { // @phpstan-ignore-line } catch (InvalidDateException|InvalidFormatException $e) { // @phpstan-ignore-line
$message = sprintf('Could not parse date "%s" for user #%d: %s', $value, auth()->user()->id, $e->getMessage()); $message = sprintf('Could not parse date "%s" for user #%d: %s', $value, auth()->user()->id, $e->getMessage());
app('log')->error($message); app('log')->error($message);
throw new NotFoundHttpException($message, $e); throw new NotFoundHttpException('Could not parse value', $e);
} }
return $result; return $result;

2
public/v1/js/webhooks/edit.js
View File

File diff suppressed because one or more lines are too long

2
resources/assets/js/components/webhooks/Edit.vue
View File

@ -119,7 +119,7 @@ export default {
methods: { methods: {
getWebhook: function () { getWebhook: function () {
const page = window.location.href.split('/'); const page = window.location.href.split('/');
const webhookId = page[page.length - 1]; const webhookId = parseInt(page[page.length - 1]);
this.downloadWebhook(webhookId); this.downloadWebhook(webhookId);
}, },
downloadWebhook: function (id) { downloadWebhook: function (id) {