From 272e6586287d1a363b9f609d26457d9c0ef391c6 Mon Sep 17 00:00:00 2001 From: Andreas Granig Date: Thu, 24 Aug 2017 10:57:15 +0200 Subject: [PATCH] TT#21050 Tighten POST checks * Validate Content-Type before validating content itself. * Validate Prefer Change-Id: Ie966fa5f0df0b8b695130ea5e4384ff84773bd87 --- lib/NGCP/Panel/Role/API.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/NGCP/Panel/Role/API.pm b/lib/NGCP/Panel/Role/API.pm index cd5529cbe9..b86e172eb3 100644 --- a/lib/NGCP/Panel/Role/API.pm +++ b/lib/NGCP/Panel/Role/API.pm @@ -86,7 +86,10 @@ sub get_valid_post_data { my $c = $params{c}; my $media_type = $params{media_type}; my $json = $self->get_valid_raw_post_data(%params); + return unless $self->valid_media_type($c, $media_type); + return unless $self->require_preference($c); return unless $self->require_wellformed_json($c, $media_type, $json); + return JSON::from_json($json, { utf8 => 1 }); }