Actualiser api/index.php

api/index.php

@@ -11,6 +11,16 @@
 // ── Core bootstrap (env, security, database, logger) ─────────────────────────
 require_once __DIR__ . '/bootstrap.php';
 
+/** True if $location is a known location key (builtin or custom). */
+function isValidLocation(PDO $db, string $location): bool {
+    static $cache = null;
+    if ($cache === null) {
+        $rows = $db->query("SELECT key FROM locations")->fetchAll(PDO::FETCH_COLUMN);
+        $cache = array_flip($rows);
+    }
+    return isset($cache[$location]);
+}
+
 const RECIPE_PANTRY_MIN_MATCH_SCORE = 80;
 const RECENTLY_EXHAUSTED_DAYS = 30;
 /** How long to suppress auto-re-add after user bought an item (ms, synced with client blocklist). */
@@ -3039,8 +3049,7 @@ function addToInventory(PDO $db): void {
     }
 
     // Validate location
-    $validLocations = ['dispensa', 'frigo', 'freezer', 'altro'];
-    if (!in_array($location, $validLocations)) {
+    if (!isValidLocation($db, $location)) {
         EverLog::warn('addToInventory: invalid location (400)');
         http_response_code(400);
         echo json_encode(['error' => 'Invalid location']);
@@ -11874,9 +11883,8 @@ function familySiblingSuggest(PDO $db): void {
         return;
     }
 
-    $validLocations = ['dispensa', 'frigo', 'freezer', 'altro'];
     $location = $input['location'] ?? 'dispensa';
-    if (!in_array($location, $validLocations, true)) {
+    if (!isValidLocation($db, $location)) {
         $location = 'dispensa';
     }