Pi-Hole/web
1
0
Fork 0
mirror of https://github.com/pi-hole/web.git synced 2026-05-08 09:39:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Be more explicit in API error reporting

Browse Source 
Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
DL6ER
2022-02-27 16:29:50 +01:00
parent d59afde574
commit 60122713a8
1 changed files with 6 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/pi-hole/php/message.php
+6 -8
View File
@@ -45,22 +45,20 @@ function JSON_error($message = null)
// Delete message identified by IDs
if ($_POST['action'] == 'delete_message' && isset($_POST['id'])) {
try {
if(!is_array($_POST['id']))
throw new Exception('Invalid payload: id is not an array');
$ids = json_decode($_POST['id']);
// Explot prevention: Ensure all entries in the ID array are integers
foreach($ids as $value) {
if (!is_numeric($value)) {
throw new Exception('Invalid payload: id');
}
if (!is_numeric($value))
throw new Exception('Invalid payload: id contains non-numeric entries');
}
$stmt = $db->prepare('DELETE FROM message WHERE id IN ('.implode(",",$ids).')');
if (!$stmt) {
if (!$stmt)
throw new Exception('While preparing message statement: ' . $db->lastErrorMsg());
}
if (!$stmt->execute()) {
if (!$stmt->execute())
throw new Exception('While executing message statement: ' . $db->lastErrorMsg());
}
$reload = true;
JSON_success();