morgane/EverShelf
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

Actualiser api/index.php
CI / PHP Syntax Check (push) Has been cancelled
Details
CI / JavaScript Lint (push) Has been cancelled
Details
CI / Docker Build Test (push) Has been cancelled
Details
CI / Validate Translation Files (push) Has been cancelled
Details
CI / Auto-merge develop → main (push) Has been cancelled
Details
CI / Create GitHub Release (push) Has been cancelled
Details
Security Scan (Trivy) / Trivy — Docker image scan (push) Has been cancelled
Details
Security Scan (Trivy) / Trivy — Filesystem scan (push) Has been cancelled
Details

Browse Source
This commit is contained in:
morgane
2026-06-17 13:14:46 +00:00
parent 4a729d2d10
commit 9512e3a8df
1 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/index.php
+12 -4
View File
@@ -11,6 +11,16 @@
// ── Core bootstrap (env, security, database, logger) ───────────────────────── // ── Core bootstrap (env, security, database, logger) ─────────────────────────
require_once __DIR__ . '/bootstrap.php'; require_once __DIR__ . '/bootstrap.php';
/** True if $location is a known location key (builtin or custom). */
function isValidLocation(PDO $db, string $location): bool {
static $cache = null;
if ($cache === null) {
$rows = $db->query("SELECT key FROM locations")->fetchAll(PDO::FETCH_COLUMN);
$cache = array_flip($rows);
}
return isset($cache[$location]);
}
const RECIPE_PANTRY_MIN_MATCH_SCORE = 80; const RECIPE_PANTRY_MIN_MATCH_SCORE = 80;
const RECENTLY_EXHAUSTED_DAYS = 30; const RECENTLY_EXHAUSTED_DAYS = 30;
/** How long to suppress auto-re-add after user bought an item (ms, synced with client blocklist). */ /** How long to suppress auto-re-add after user bought an item (ms, synced with client blocklist). */
@@ -3039,8 +3049,7 @@ function addToInventory(PDO $db): void {
} }
// Validate location // Validate location
$validLocations = ['dispensa', 'frigo', 'freezer', 'altro']; if (!isValidLocation($db, $location)) {
if (!in_array($location, $validLocations)) {
EverLog::warn('addToInventory: invalid location (400)'); EverLog::warn('addToInventory: invalid location (400)');
http_response_code(400); http_response_code(400);
echo json_encode(['error' => 'Invalid location']); echo json_encode(['error' => 'Invalid location']);
@@ -11874,9 +11883,8 @@ function familySiblingSuggest(PDO $db): void {
return; return;
} }
$validLocations = ['dispensa', 'frigo', 'freezer', 'altro'];
$location = $input['location'] ?? 'dispensa'; $location = $input['location'] ?? 'dispensa';
if (!in_array($location, $validLocations, true)) { if (!isValidLocation($db, $location)) {
$location = 'dispensa'; $location = 'dispensa';
} }