From f8925ddb0d144eb9987d1afc19501b3d9ece6434 Mon Sep 17 00:00:00 2001
From: Alex Tselegidis
Date: Sat, 21 Jan 2023 12:51:06 +0100
Subject: [PATCH] Add the missing "only" filtering to the backend controllers.
---
 application/controllers/Customers.php | 29 +++++++++++++
 application/controllers/Services.php | 43 ++++++++++++++++++--
 application/controllers/Unavailabilities.php | 14 +++++++
 3 files changed, 82 insertions(+), 4 deletions(-)
diff --git a/application/controllers/Customers.php b/application/controllers/Customers.php
index 932002f5..db21dba5 100644
--- a/application/controllers/Customers.php
+++ b/application/controllers/Customers.php
@@ -184,6 +184,20 @@ class Customers extends EA_Controller {
 $customer = request('customer');
+ $this->customers_model->only($customer, [
+ 'first_name',
+ 'last_name',
+ 'email',
+ 'phone_number',
+ 'address',
+ 'city',
+ 'state',
+ 'zip_code',
+ 'notes',
+ 'timezone',
+ 'language',
+ ]);
+
 $customer_id = $this->customers_model->save($customer);
 $customer = $this->customers_model->find($customer_id);
@@ -222,6 +236,21 @@ class Customers extends EA_Controller {
 abort(403, 'Forbidden');
 }
+ $this->customers_model->only($customer, [
+ 'id',
+ 'first_name',
+ 'last_name',
+ 'email',
+ 'phone_number',
+ 'address',
+ 'city',
+ 'state',
+ 'zip_code',
+ 'notes',
+ 'timezone',
+ 'language',
+ ]);
+
 $customer_id = $this->customers_model->save($customer);
 $customer = $this->customers_model->find($customer_id);
diff --git a/application/controllers/Services.php b/application/controllers/Services.php
index a659da76..2971a542 100644
--- a/application/controllers/Services.php
+++ b/application/controllers/Services.php
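Review bot: The allow-list added in the Customers.php hunk at @@ -184 is repeated in the hunk at @@ -222 with only `'id'` prepended, and the same pairing recurs in both Services.php hunks, so every list has to be kept in sync by hand. These lists are what keeps a client-supplied array from writing arbitrary columns through `save()`, so a field added to one copy and forgotten in the other either breaks a form or widens what a request can set. A single definition per controller would be safer, for example a private class constant used directly on the create path and extended with `'id'` on the update path. The enclosing methods start and end outside the hunks.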
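Review bot: In the Customers.php hunk at @@ -222, `'id'` is allowed through `only()` but nothing visible requires it to be present before `save($customer)` runs. If `save()` inserts a new row when no id is supplied (its body is not shown, so this is an assumption), a request to what appears to be the update path without an id would create a record instead of failing. A guard ahead of the save, such as `if (empty($customer['id'])) { abort(400, 'Bad Request'); }`, would make the intent explicit; the Services.php hunk at @@ -154 has the same shape. The method body continues outside the hunk.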
@@ -123,10 +123,28 @@ class Services extends EA_Controller {
 $service['id_categories'] = $service['id_categories'] ?: NULL;
+ $this->services_model->only($service, [
+ 'name',
+ 'duration',
+ 'price',
+ 'currency',
+ 'description',
+ 'color',
+ 'location',
+ 'availabilities_type',
+ 'attendants_number',
+ 'is_private',
+ 'id_categories',
+ ]);
+
+ $this->services_model->optional($service, [
+ 'id_categories' => NULL
+ ]);
+
 $service_id = $this->services_model->save($service);
-
- $service = $this->services_model->find($service_id);
-
+
+ $service = $this->services_model->find($service_id);
+
 $this->webhooks_client->trigger(WEBHOOK_SERVICE_SAVE, $service);
 json_response([
@@ -154,7 +172,24 @@ class Services extends EA_Controller {
 $service = request('service');
- $service['id_categories'] = $service['id_categories'] ?: NULL;
+ $this->services_model->only($service, [
+ 'id',
+ 'name',
+ 'duration',
+ 'price',
+ 'currency',
+ 'description',
+ 'color',
+ 'location',
+ 'availabilities_type',
+ 'attendants_number',
+ 'is_private',
+ 'id_categories',
+ ]);
+
+ $this->services_model->optional($service, [
+ 'id_categories' => NULL
+ ]);
 $service_id = $this->services_model->save($service);
diff --git a/application/controllers/Unavailabilities.php b/application/controllers/Unavailabilities.php
index cceb6172..2c0b346d 100644
--- a/application/controllers/Unavailabilities.php
+++ b/application/controllers/Unavailabilities.php
@@ -78,6 +78,20 @@ class Unavailabilities extends EA_Controller {
 $unavailability = request('unavailability');
+ $this->unavailabilities_model->only($unavailability, [
+ 'first_name',
+ 'last_name',
+ 'email',
+ 'phone_number',
+ 'address',
+ 'city',
+ 'state',
+ 'zip_code',
+ 'notes',
+ 'timezone',
+ 'language',
+ ]);
+
 $unavailability_id = $this->unavailabilities_model->save($unavailability);
 $unavailability = $this->unavailabilities_model->find($unavailability_id);
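Review bot: The Services.php hunk at @@ -123 keeps `$service['id_categories'] = $service['id_categories'] ?: NULL;` as context above the new `only()`/`optional()` calls, while the hunk at @@ -154 deletes that same line, so the two paths now treat the field differently. In the first, the key is read before `optional()` runs, which raises an undefined-index notice or warning when the request omits it and leaves `optional()` with nothing to fill in. In the second, an empty-string `id_categories` is no longer converted to NULL unless `optional()` also replaces empty values, which the diff does not show. One normalisation applied after `only()` in both places would remove the difference, e.g. `$service['id_categories'] = empty($service['id_categories']) ? NULL : $service['id_categories'];`. Both method bodies extend beyond the hunks.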
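Review bot: The allow-list in the Unavailabilities.php hunk at @@ -78 is the customer field set (`first_name`, `email`, `zip_code`, …) copied unchanged, which does not look like the shape of an unavailability record. If `only()` strips every key that is not listed, as its use in the other controllers implies, this call would discard the fields describing the blocked period and its provider before `save($unavailability)` runs, so the save would fail validation or persist an incomplete row. The list should name the columns the unavailabilities model actually persists. Only one hunk touches this controller, so any other save path in it is still unfiltered after this commit. The method body continues outside the hunk.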