IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-01-10 08:03:36 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix https://github.com/firefly-iii/firefly-iii/issues/7204

Browse Source
This commit is contained in:
James Cole 2023-10-22 19:01:18 +02:00
parent 2c34bd36a5
commit e90fb98613
No known key found for this signature in database
GPG Key ID: B49A324B7EAD6D80
6 changed files with 22 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.env.example
View File

@ -195,6 +195,16 @@ MAP_DEFAULT_LAT=51.983333
MAP_DEFAULT_LONG=5.916667
MAP_DEFAULT_ZOOM=6
#
# Some objects have room for an URL, like transactions and webhooks.
# By default, the following protocols are allowed:
# http, https, ftp, ftps, mailto
#
# To change this, set your preferred comma separated set below.
# Be sure to include http, https and other default ones if you need to.
#
VALID_URL_PROTOCOLS=
#
# Firefly III authentication settings
#

4
app/Api/V1/Requests/Models/Transaction/StoreRequest.php
View File

@ -174,7 +174,7 @@ class StoreRequest extends FormRequest
public function rules(): array
{
Log::debug('Collect rules of TransactionStoreRequest');
$validProtocols = config('firefly.valid_url_protocols');
return [
// basic fields for group:
'group_title' => 'between:1,1000|nullable',
@ -233,7 +233,7 @@ class StoreRequest extends FormRequest
'transactions.*.external_id' => 'min:1|max:255|nullable',
'transactions.*.recurrence_id' => 'min:1|max:255|nullable',
'transactions.*.bunq_payment_id' => 'min:1|max:255|nullable',
'transactions.*.external_url' => 'min:1|max:255|nullable|url',
'transactions.*.external_url' => sprintf('min:1|max:255|nullable|url:%s', $validProtocols),
// SEPA fields:
'transactions.*.sepa_cc' => 'min:1|max:255|nullable',

4
app/Api/V1/Requests/Models/Transaction/UpdateRequest.php
View File

@ -321,7 +321,7 @@ class UpdateRequest extends FormRequest
public function rules(): array
{
Log::debug(sprintf('Now in %s', __METHOD__));
$validProtocols = config('firefly.valid_url_protocols');
return [
// basic fields for group:
'group_title' => 'between:1,1000|nullable',
@ -375,7 +375,7 @@ class UpdateRequest extends FormRequest
'transactions.*.external_id' => 'min:1|max:255|nullable',
'transactions.*.recurrence_id' => 'min:1|max:255|nullable',
'transactions.*.bunq_payment_id' => 'min:1|max:255|nullable',
'transactions.*.external_url' => 'min:1|max:255|nullable|url',
'transactions.*.external_url' => sprintf('min:1|max:255|nullable|url:%s', $validProtocols),
// SEPA fields:
'transactions.*.sepa_cc' => 'min:1|max:255|nullable',

4
app/Api/V1/Requests/Models/Webhook/CreateRequest.php
View File

@ -74,14 +74,14 @@ class CreateRequest extends FormRequest
$triggers = implode(',', array_keys(Webhook::getTriggersForValidation()));
$responses = implode(',', array_keys(Webhook::getResponsesForValidation()));
$deliveries = implode(',', array_keys(Webhook::getDeliveriesForValidation()));
$validProtocols = config('firefly.valid_url_protocols');
return [
'title' => 'required|between:1,512|uniqueObjectForUser:webhooks,title',
'active' => [new IsBoolean()],
'trigger' => sprintf('required|in:%s', $triggers),
'response' => sprintf('required|in:%s', $responses),
'delivery' => sprintf('required|in:%s', $deliveries),
'url' => ['required', 'url', 'uniqueWebhook'],
'url' => ['required', sprintf('url:%s', $validProtocols), 'uniqueWebhook'],
];
}
}

10
app/Api/V1/Requests/Models/Webhook/UpdateRequest.php
View File

@ -81,10 +81,10 @@ class UpdateRequest extends FormRequest
*/
public function rules(): array
{
$triggers = implode(',', array_keys(Webhook::getTriggersForValidation()));
$responses = implode(',', array_keys(Webhook::getResponsesForValidation()));
$deliveries = implode(',', array_keys(Webhook::getDeliveriesForValidation()));
$triggers = implode(',', array_keys(Webhook::getTriggersForValidation()));
$responses = implode(',', array_keys(Webhook::getResponsesForValidation()));
$deliveries = implode(',', array_keys(Webhook::getDeliveriesForValidation()));
$validProtocols = config('firefly.valid_url_protocols');
/** @var Webhook $webhook */
$webhook = $this->route()->parameter('webhook');
@ -94,7 +94,7 @@ class UpdateRequest extends FormRequest
'trigger' => sprintf('in:%s', $triggers),
'response' => sprintf('in:%s', $responses),
'delivery' => sprintf('in:%s', $deliveries),
'url' => ['url', sprintf('uniqueExistingWebhook:%d', $webhook->id)],
'url' => [sprintf('url:%s', $validProtocols), sprintf('uniqueExistingWebhook:%d', $webhook->id)],
];
}
}

1
config/firefly.php
View File

@ -251,6 +251,7 @@ return [
'available_dark_modes' => ['light', 'dark', 'browser'],
'bill_reminder_periods' => [90, 30, 14, 7, 0],
'valid_view_ranges' => ['1D', '1W', '1M', '3M', '6M', '1Y',],
'valid_url_protocols' => envNonEmpty('VALID_URL_PROTOCOLS', 'http,https,ftp,ftps,mailto'),
'allowedMimes' => [
/* plain files */
'text/plain',