diff --git a/app/Api/V1/Requests/Models/Transaction/StoreRequest.php b/app/Api/V1/Requests/Models/Transaction/StoreRequest.php
index f6c1d2803c..3138ffca0b 100644
--- a/app/Api/V1/Requests/Models/Transaction/StoreRequest.php
+++ b/app/Api/V1/Requests/Models/Transaction/StoreRequest.php
@@ -225,25 +225,25 @@ class StoreRequest extends FormRequest
 // other interesting fields
 'transactions.*.reconciled' => [new IsBoolean()],
- 'transactions.*.notes' => 'min:1,max:50000|nullable',
+ 'transactions.*.notes' => 'min:1|max:50000|nullable',
 'transactions.*.tags' => 'between:0,255',
 // meta info fields
- 'transactions.*.internal_reference' => 'min:1,max:255|nullable',
- 'transactions.*.external_id' => 'min:1,max:255|nullable',
- 'transactions.*.recurrence_id' => 'min:1,max:255|nullable',
- 'transactions.*.bunq_payment_id' => 'min:1,max:255|nullable',
- 'transactions.*.external_url' => 'min:1,max:255|nullable|url',
+ 'transactions.*.internal_reference' => 'min:1|max:255|nullable',
+ 'transactions.*.external_id' => 'min:1|max:255|nullable',
+ 'transactions.*.recurrence_id' => 'min:1|max:255|nullable',
+ 'transactions.*.bunq_payment_id' => 'min:1|max:255|nullable',
+ 'transactions.*.external_url' => 'min:1|max:255|nullable|url',
 // SEPA fields:
- 'transactions.*.sepa_cc' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ct_op' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ct_id' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_db' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_country' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ep' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ci' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_batch_id' => 'min:1,max:255|nullable',
+ 'transactions.*.sepa_cc' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ct_op' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ct_id' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_db' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_country' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ep' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ci' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_batch_id' => 'min:1|max:255|nullable',
 // dates
 'transactions.*.interest_date' => 'date|nullable',
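Review bot: The corrected rules for `transactions.*.notes` and the meta and SEPA fields still carry no type rule, so `min`/`max` measure whatever type arrives: Laravel's size rules count elements when the value is an array and only measure length when it is a string. A request can therefore pass an array with 1 to 255 elements as, for example, `transactions.*.external_id`, and any later code that expects a string (not visible in this hunk) would receive an array. Adding `string` to each rule closes that, e.g. `'transactions.*.notes' => 'string|min:1|max:50000|nullable'`. The same applies to the identical block in UpdateRequest.php and to `'description.*'` in MassEditJournalRequest.php; the rules array starts and ends outside the hunk.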
diff --git a/app/Api/V1/Requests/Models/Transaction/UpdateRequest.php b/app/Api/V1/Requests/Models/Transaction/UpdateRequest.php
index 2fc4dfdf18..bf39777d97 100644
--- a/app/Api/V1/Requests/Models/Transaction/UpdateRequest.php
+++ b/app/Api/V1/Requests/Models/Transaction/UpdateRequest.php
@@ -24,6 +24,7 @@ declare(strict_types=1);
 namespace FireflyIII\Api\V1\Requests\Models\Transaction;
+use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\TransactionGroup;
 use FireflyIII\Rules\BelongsUser;
 use FireflyIII\Rules\IsBoolean;
@@ -61,6 +62,7 @@ class UpdateRequest extends FormRequest
 */
 public function getAll(): array
 {
+ Log::debug(sprintf('Now in %s', __METHOD__));
 $this->integerFields = [
 'order',
@@ -163,6 +165,9 @@ class UpdateRequest extends FormRequest
 /** @var array $transaction */
 foreach ($this->get('transactions') as $transaction) {
+ if(!is_array($transaction)) {
+ throw new FireflyException('Invalid data submitted: transaction is not array.');
+ }
 // default response is to update nothing in the transaction:
 $current = [];
 $current = $this->getIntegerData($current, $transaction);
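Review bot: The new `is_array($transaction)` guard in the `foreach` over `$this->get('transactions')` reports malformed client input by throwing `FireflyException`, which, unless the exception handler maps it otherwise, will probably reach the caller as a server error rather than a 422 validation response; the same guard is added in GroupValidation.php. A rule such as `'transactions.*' => 'array'` in `rules()` (not visible here, so it may already exist) would reject the payload during validation, before this loop runs. The guard also leaves the case where `$this->get('transactions')` itself is a scalar or null, so the `foreach` can still be handed a non-iterable. Both enclosing methods continue outside their hunks.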
@@ -359,25 +364,25 @@ class UpdateRequest extends FormRequest
 // other interesting fields
 'transactions.*.reconciled' => [new IsBoolean()],
- 'transactions.*.notes' => 'min:1,max:50000|nullable',
+ 'transactions.*.notes' => 'min:1|max:50000|nullable',
 'transactions.*.tags' => 'between:0,255',
 // meta info fields
- 'transactions.*.internal_reference' => 'min:1,max:255|nullable',
- 'transactions.*.external_id' => 'min:1,max:255|nullable',
- 'transactions.*.recurrence_id' => 'min:1,max:255|nullable',
- 'transactions.*.bunq_payment_id' => 'min:1,max:255|nullable',
- 'transactions.*.external_url' => 'min:1,max:255|nullable|url',
+ 'transactions.*.internal_reference' => 'min:1|max:255|nullable',
+ 'transactions.*.external_id' => 'min:1|max:255|nullable',
+ 'transactions.*.recurrence_id' => 'min:1|max:255|nullable',
+ 'transactions.*.bunq_payment_id' => 'min:1|max:255|nullable',
+ 'transactions.*.external_url' => 'min:1|max:255|nullable|url',
 // SEPA fields:
- 'transactions.*.sepa_cc' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ct_op' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ct_id' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_db' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_country' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ep' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_ci' => 'min:1,max:255|nullable',
- 'transactions.*.sepa_batch_id' => 'min:1,max:255|nullable',
+ 'transactions.*.sepa_cc' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ct_op' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ct_id' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_db' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_country' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ep' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_ci' => 'min:1|max:255|nullable',
+ 'transactions.*.sepa_batch_id' => 'min:1|max:255|nullable',
 // dates
 'transactions.*.interest_date' => 'date|nullable',
@@ -398,6 +403,7 @@ class UpdateRequest extends FormRequest
 */
 public function withValidator(Validator $validator): void
 {
+ Log::debug('Now in withValidator');
 /** @var TransactionGroup $transactionGroup */
 $transactionGroup = $this->route()->parameter('transactionGroup');
 $validator->after(
diff --git a/app/Http/Requests/MassEditJournalRequest.php b/app/Http/Requests/MassEditJournalRequest.php
index d7759af6a1..0ac30468b3 100644
--- a/app/Http/Requests/MassEditJournalRequest.php
+++ b/app/Http/Requests/MassEditJournalRequest.php
@@ -45,7 +45,7 @@ class MassEditJournalRequest extends FormRequest
 // fixed
 return [
- 'description.*' => 'required|min:1,max:255',
+ 'description.*' => 'required|min:1|max:255',
 'source_id.*' => 'numeric|belongsToUser:accounts,id',
 'destination_id.*' => 'numeric|belongsToUser:accounts,id',
 'journals.*' => 'numeric|belongsToUser:transaction_journals,id',
diff --git a/app/Validation/GroupValidation.php b/app/Validation/GroupValidation.php
index b713fd8150..78d18a55aa 100644
--- a/app/Validation/GroupValidation.php
+++ b/app/Validation/GroupValidation.php
@@ -24,6 +24,7 @@ declare(strict_types=1);
 namespace FireflyIII\Validation;
+use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\TransactionGroup;
 use Illuminate\Validation\Validator;
 use Illuminate\Support\Facades\Log;
@@ -53,6 +54,9 @@ trait GroupValidation
 ];
 /** @var array $transaction */
 foreach ($transactions as $index => $transaction) {
+ if(!is_array($transaction)) {
+ throw new FireflyException('Invalid data submitted: transaction is not array.');
+ }
 $hasAccountInfo = false;
 $hasJournalId = array_key_exists('transaction_journal_id', $transaction);
 foreach ($keys as $key) {
diff --git a/app/Validation/TransactionValidation.php b/app/Validation/TransactionValidation.php
index 201fed88ee..e246a6171c 100644
--- a/app/Validation/TransactionValidation.php
+++ b/app/Validation/TransactionValidation.php
@@ -23,6 +23,7 @@ declare(strict_types=1);
 namespace FireflyIII\Validation;
+use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Account;
 use FireflyIII\Models\AccountType;
 use FireflyIII\Models\Transaction;
@@ -358,6 +359,9 @@ trait TransactionValidation
 * @var array $transaction
 */
 foreach ($transactions as $index => $transaction) {
+ if(!is_int($index)) {
+ throw new FireflyException('Invalid data submitted: transaction is not array.');
+ }
 $this->validateSingleUpdate($validator, $index, $transaction, $transactionGroup);
 }
 }
diff --git a/resources/lang/en_US/validation.php b/resources/lang/en_US/validation.php
index d90ab1969b..d2b91ef4a4 100644
--- a/resources/lang/en_US/validation.php
+++ b/resources/lang/en_US/validation.php
@@ -231,8 +231,8 @@ return [
 'generic_invalid_source' => 'You can\'t use this account as the source account.',
 'generic_invalid_destination' => 'You can\'t use this account as the destination account.',
- 'generic_no_source' => 'You must submit source account information.',
- 'generic_no_destination' => 'You must submit destination account information.',
+ 'generic_no_source' => 'You must submit source account information or submit a transaction journal ID.',
+ 'generic_no_destination' => 'You must submit destination account information or submit a transaction journal ID.',
 'gte.numeric' => 'The :attribute must be greater than or equal to :value.',
 'gt.numeric' => 'The :attribute must be greater than :value.',
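Review bot: The guard added before `validateSingleUpdate()` in TransactionValidation.php tests the key (`!is_int($index)`) while its message says the transaction is not an array, and `$transaction` itself is never checked in this loop. An integer-keyed list of scalars therefore passes the guard and a non-array value is handed to `validateSingleUpdate()`. If both conditions are intended, `if (!is_int($index) || !is_array($transaction)) {` with a message naming the failing condition would match the checks added in UpdateRequest.php and GroupValidation.php. The enclosing method starts outside the hunk, so whether `$transactions` is filtered before the loop is not visible.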