Commit c8695ecb authored by Birte Kristina Friesel's avatar Birte Kristina Friesel
Browse files

travel, import API: Verify that payload is a hash

parent 934a9ac2

lib/Travelynx/Controller/Api.pm

+26 −4
Original line number Diff line number Diff line
@@ -170,13 +170,24 @@ sub travel_v1 { 
	my ($self) = @_;



	my $payload = $self->req->json;



	if ( not $payload or ref($payload) ne 'HASH' ) {

		$self->render(

			json => {

				success => \0,

				error   => 'Malformed JSON',

			},

		);

		return;

	}



	my $api_token = $payload->{token} // '';



	if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) {

		$self->render(

			json => {

				success => \0,

				error   => 'Malformed JSON or malformed token',

				error   => 'Malformed token',

			},

		);

		return;
@@ -339,13 +350,24 @@ sub import_v1 { 
	my ($self) = @_;



	my $payload = $self->req->json;



	if ( not $payload or ref($payload) ne 'HASH' ) {

		$self->render(

			json => {

				success => \0,

				error   => 'Malformed JSON',

			},

		);

		return;

	}



	my $api_token = $payload->{token} // '';



	if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) {

		$self->render(

			json => {

				success => \0,

				error   => 'Malformed JSON or malformed token',

				error   => 'Malformed token',

			},

		);

		return;