1 files changed, 18 insertions, 5 deletions
diff --git a/src/controller/ajax_calendar.php b/src/controller/ajax_calendar.php
index 834c88b..79268f6 100644
--- a/src/controller/ajax_calendar.php
+++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
        $json = json_decode($data, true);
        
        if($_GET['action'] === 'new_event'){
-        $event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);
+        try{
-        
+            $event = new Event($json);
+        }
+        catch(InvalidArgumentException $e){
+            echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+            http_response_code(400);
+            die;
+        }
        $entityManager->persist($event);
        $entityManager->flush();
                
                echo json_encode(['success' => true, 'id' => $event->getId()]);
        }
        elseif($_GET['action'] === 'update_event'){
-        $event = $entityManager->find('App\Entity\Event', $json['id']);
+        $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
-        $event->updateFromJSON($json);
+        try{
+            $event->securedUpdateFromJSON($json);
+        }
+        catch(InvalidArgumentException $e){
+            echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+            http_response_code(400);
+            die;
+        }
        $entityManager->flush();
                echo json_encode(['success' => true]);
        }
        elseif($_GET['action'] === 'remove_event'){
-        $event = $entityManager->find('App\Entity\Event', $json['id']);
+        $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
        $entityManager->remove($event);
        $entityManager->flush();

diff --git a/src/controller/ajax_calendar.php b/src/controller/ajax_calendar.php index 834c88b..79268f6 100644 --- a/src/controller/ajax_calendar.php +++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
46	$json = json_decode($data, true);	46	$json = json_decode($data, true);
47		47
48	if($_GET['action'] === 'new_event'){	48	if($_GET['action'] === 'new_event'){
49	$event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);	49	try{
50		50	$event = new Event($json);
		51	}
		52	catch(InvalidArgumentException $e){
		53	echo json_encode(['success' => false, 'error' => $e->getMessage()]);
		54	http_response_code(400);
		55	die;
		56	}
51	$entityManager->persist($event);	57	$entityManager->persist($event);
52	$entityManager->flush();	58	$entityManager->flush();
53		59
54	echo json_encode(['success' => true, 'id' => $event->getId()]);	60	echo json_encode(['success' => true, 'id' => $event->getId()]);
55	}	61	}
56	elseif($_GET['action'] === 'update_event'){	62	elseif($_GET['action'] === 'update_event'){
57	$event = $entityManager->find('App\Entity\Event', $json['id']);	63	$event = $entityManager->find('App\Entity\Event', (int)$json['id']);
58	$event->updateFromJSON($json);	64	try{
		65	$event->securedUpdateFromJSON($json);
		66	}
		67	catch(InvalidArgumentException $e){
		68	echo json_encode(['success' => false, 'error' => $e->getMessage()]);
		69	http_response_code(400);
		70	die;
		71	}
59	$entityManager->flush();	72	$entityManager->flush();
60		73
61	echo json_encode(['success' => true]);	74	echo json_encode(['success' => true]);
62	}	75	}
63	elseif($_GET['action'] === 'remove_event'){	76	elseif($_GET['action'] === 'remove_event'){
64	$event = $entityManager->find('App\Entity\Event', $json['id']);	77	$event = $entityManager->find('App\Entity\Event', (int)$json['id']);
65	$entityManager->remove($event);	78	$entityManager->remove($event);
66	$entityManager->flush();	79	$entityManager->flush();
67		80