all repos — caroster @ c80bb0829b4be7e9ff1daf853d1ae4fd18fc9253

[Octree] Group carpool to your event https://caroster.io

fix: 🔒️ Avoid event fetch by ID, force UUID

#242
Tim Izzo tim@octree.ch
Fri, 11 Feb 2022 15:34:50 +0100
commit

c80bb0829b4be7e9ff1daf853d1ae4fd18fc9253

parent

50c371504df1ebada58e03e4a29205cb108057f3

1 files changed, 1 insertions(+), 0 deletions(-)

jump to
M backend/api/event/controllers/event.jsbackend/api/event/controllers/event.js 
@@ -3,6 +3,7 @@ 
 module.exports = {
   async findOne(ctx) {
     const uuid = ctx.params._uuid || ctx.params.uuid;
+    if (!uuid) throw new Error('No uuid provided');
     const event = await strapi.services.event.findOne({uuid});
     if (event) return strapi.services.event.sanitize(event);
     else return ctx.badRequest('No event found');