diff options
| author | Daniel Friesel <derf@finalrewind.org> | 2019-12-17 20:41:36 +0100 |
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2019-12-17 20:41:36 +0100 |
| commit | c8695ecb1cfd72c8f9e1fa51dbade9a588f127e5 (patch) | |
| tree | a7d9f84f1648a12031056b2b031243eb2946bbba | |
| parent | 934a9ac21a2747db10840a94aa3ed095063021d2 (diff) | |
travel, import API: Verify that payload is a hash
| -rwxr-xr-x | lib/Travelynx/Controller/Api.pm | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm index 834317c..42e4774 100755 --- a/lib/Travelynx/Controller/Api.pm +++ b/lib/Travelynx/Controller/Api.pm @@ -169,14 +169,25 @@ sub get_v1 { sub travel_v1 { my ($self) = @_; - my $payload = $self->req->json; + my $payload = $self->req->json; + + if ( not $payload or ref($payload) ne 'HASH' ) { + $self->render( + json => { + success => \0, + error => 'Malformed JSON', + }, + ); + return; + } + my $api_token = $payload->{token} // ''; if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { $self->render( json => { success => \0, - error => 'Malformed JSON or malformed token', + error => 'Malformed token', }, ); return; @@ -338,14 +349,25 @@ sub travel_v1 { sub import_v1 { my ($self) = @_; - my $payload = $self->req->json; + my $payload = $self->req->json; + + if ( not $payload or ref($payload) ne 'HASH' ) { + $self->render( + json => { + success => \0, + error => 'Malformed JSON', + }, + ); + return; + } + my $api_token = $payload->{token} // ''; if ( $api_token !~ qr{ ^ (?<id> \d+ ) - (?<token> .* ) $ }x ) { $self->render( json => { success => \0, - error => 'Malformed JSON or malformed token', + error => 'Malformed token', }, ); return; |