From 18df96138178fb58d5f70992139d3890fc1095eb Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Mon, 26 Nov 2018 12:14:53 +0100 Subject: [PATCH] ensure allowed_phpconfigs parameter for Customers.add() and Customers.edit() is an integer-array, fixes #598 Signed-off-by: Michael Kaufmann --- lib/classes/api/commands/class.Customers.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/classes/api/commands/class.Customers.php b/lib/classes/api/commands/class.Customers.php index 0b0d0894..1f109629 100644 --- a/lib/classes/api/commands/class.Customers.php +++ b/lib/classes/api/commands/class.Customers.php @@ -265,6 +265,7 @@ class Customers extends ApiCommand implements ResourceEntity $customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true); $def_language = validate($def_language, 'default language', '', '', array(), true); $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + $allowed_phpconfigs = array_map('intval', $allowed_phpconfigs); if (Settings::Get('system.mail_quota_enabled') != '1') { $email_quota = - 1; @@ -910,6 +911,7 @@ class Customers extends ApiCommand implements ResourceEntity $email = $idna_convert->encode(validate($email, 'email', '', '', array(), true)); $customernumber = validate($customernumber, 'customer number', '/^[A-Za-z0-9 \-]*$/Di', '', array(), true); $custom_notes = validate(str_replace("\r\n", "\n", $custom_notes), 'custom_notes', '/^[^\0]*$/', '', array(), true); + $allowed_phpconfigs = array_map('intval', $allowed_phpconfigs); } $def_language = validate($def_language, 'default language', '', '', array(), true); $theme = validate($theme, 'theme', '', '', array(), true);