From 41adf94ebf868232aa43fe9b8b80029896da9da7 Mon Sep 17 00:00:00 2001
From: polo
Date: Tue, 24 Jun 2025 02:02:44 +0200
Subject: =?UTF-8?q?saisie=20s=C3=A9curis=C3=A9e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/controller/ajax_calendar.php | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)
(limited to 'src/controller/ajax_calendar.php')
diff --git a/src/controller/ajax_calendar.php b/src/controller/ajax_calendar.php
index 834c88b..79268f6 100644
--- a/src/controller/ajax_calendar.php
+++ b/src/controller/ajax_calendar.php
@@ -46,22 +46,35 @@ elseif(isset($_SESSION['admin']) && $_SESSION['admin'] === true
 $json = json_decode($data, true);
 if($_GET['action'] === 'new_event'){
- $event = new Event($json['title'], $json['start'], $json['end'], $json['allDay'], $json["description"], $json['color']);
-
+ try{
+ $event = new Event($json);
+ }
+ catch(InvalidArgumentException $e){
+ echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+ http_response_code(400);
+ die;
+ }
 $entityManager->persist($event);
 $entityManager->flush();
 echo json_encode(['success' => true, 'id' => $event->getId()]);
 }
 elseif($_GET['action'] === 'update_event'){
- $event = $entityManager->find('App\Entity\Event', $json['id']);
- $event->updateFromJSON($json);
+ $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
+ try{
+ $event->securedUpdateFromJSON($json);
+ }
+ catch(InvalidArgumentException $e){
+ echo json_encode(['success' => false, 'error' => $e->getMessage()]);
+ http_response_code(400);
+ die;
+ }
 $entityManager->flush();
 echo json_encode(['success' => true]);
 }
 elseif($_GET['action'] === 'remove_event'){
- $event = $entityManager->find('App\Entity\Event', $json['id']);
+ $event = $entityManager->find('App\Entity\Event', (int)$json['id']);
 $entityManager->remove($event);
 $entityManager->flush();
--
cgit v1.2.3