2 files changed, 19 insertions, 6 deletions
diff --git a/src/controller/Security.php b/src/controller/Security.php
index cd31cb8..b882d42 100644
--- a/src/controller/Security.php
+++ b/src/controller/Security.php
@@ -22,7 +22,7 @@ class Security
        // ATTENTION, n'applique pas htmlspecialchars() !!
        public static function secureString(string $chaine): string
        {
-            return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));;
+            return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));
        }
        public static function secureFileName(string $chaine): string
diff --git a/src/controller/ajax_calendar.php b/src/controller/ajax_calendar.php
index 834c88b..79268f6 100644
--- a/src/controller/ajax_calendar.php
+++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
        $json = json_decode($data, true);
        
        if($_GET['action'] === 'new_event'){
-        $event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);
+        try{
-        
+            $event = new Event($json);
+        }
+        catch(InvalidArgumentException $e){
+            echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+            http_response_code(400);
+            die;
+        }
        $entityManager->persist($event);
        $entityManager->flush();
                
                echo json_encode(['success' => true, 'id' => $event->getId()]);
        }
        elseif($_GET['action'] === 'update_event'){
-        $event = $entityManager->find('App\Entity\Event', $json['id']);
+        $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
-        $event->updateFromJSON($json);
+        try{
+            $event->securedUpdateFromJSON($json);
+        }
+        catch(InvalidArgumentException $e){
+            echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+            http_response_code(400);
+            die;
+        }
        $entityManager->flush();
                echo json_encode(['success' => true]);
        }
        elseif($_GET['action'] === 'remove_event'){
-        $event = $entityManager->find('App\Entity\Event', $json['id']);
+        $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
        $entityManager->remove($event);
        $entityManager->flush();

diff --git a/src/controller/Security.php b/src/controller/Security.php index cd31cb8..b882d42 100644 --- a/src/controller/Security.php +++ b/src/controller/Security.php
@@ -22,7 +22,7 @@ class Security
22	// ATTENTION, n'applique pas htmlspecialchars() !!	22	// ATTENTION, n'applique pas htmlspecialchars() !!
23	public static function secureString(string $chaine): string	23	public static function secureString(string $chaine): string
24	{	24	{
25	return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));;	25	return trim(htmLawed($chaine, self::$configHtmLawed, self::$specHtmLawed));
26	}	26	}
27		27
28	public static function secureFileName(string $chaine): string	28	public static function secureFileName(string $chaine): string


diff --git a/src/controller/ajax_calendar.php b/src/controller/ajax_calendar.php index 834c88b..79268f6 100644 --- a/src/controller/ajax_calendar.php +++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
46	$json = json_decode($data, true);	46	$json = json_decode($data, true);
47		47
48	if($_GET['action'] === 'new_event'){	48	if($_GET['action'] === 'new_event'){
49	$event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);	49	try{
50		50	$event = new Event($json);
		51	}
		52	catch(InvalidArgumentException $e){
		53	echo json_encode(['success' => false, 'error' => $e->getMessage()]);
		54	http_response_code(400);
		55	die;
		56	}
51	$entityManager->persist($event);	57	$entityManager->persist($event);
52	$entityManager->flush();	58	$entityManager->flush();
53		59
54	echo json_encode(['success' => true, 'id' => $event->getId()]);	60	echo json_encode(['success' => true, 'id' => $event->getId()]);
55	}	61	}
56	elseif($_GET['action'] === 'update_event'){	62	elseif($_GET['action'] === 'update_event'){
57	$event = $entityManager->find('App\Entity\Event', $json['id']);	63	$event = $entityManager->find('App\Entity\Event', (int)$json['id']);
58	$event->updateFromJSON($json);	64	try{
		65	$event->securedUpdateFromJSON($json);
		66	}
		67	catch(InvalidArgumentException $e){
		68	echo json_encode(['success' => false, 'error' => $e->getMessage()]);
		69	http_response_code(400);
		70	die;
		71	}
59	$entityManager->flush();	72	$entityManager->flush();
60		73
61	echo json_encode(['success' => true]);	74	echo json_encode(['success' => true]);
62	}	75	}
63	elseif($_GET['action'] === 'remove_event'){	76	elseif($_GET['action'] === 'remove_event'){
64	$event = $entityManager->find('App\Entity\Event', $json['id']);	77	$event = $entityManager->find('App\Entity\Event', (int)$json['id']);
65	$entityManager->remove($event);	78	$entityManager->remove($event);
66	$entityManager->flush();	79	$entityManager->flush();
67		80