
Commit f1bf258

committed
fix: update-field api allows to update only translations resource
AdminForth/1731/security-audit
1 parent 68865a5 commit f1bf258

1 file changed

Lines changed: 3 additions & 1 deletion


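--- a/index.ts
+++ b/index.ts
@@ -1254,7 +1254,9 @@ export default class I18nPlugin extends AdminForthPlugin {
 path: `/plugin/${this.pluginInstanceId}/update-field`,
 handler: async ({ body, adminUser, headers }) => {
 const { resourceId, recordId, field, value, reviewed } = body;
-
+if (resourceId !== this.resourceConfig.resourceId) {
+return { error: 'Invalid resourceId' };
+}
 const resource = this.adminforth.config.resources.find(r => r.resourceId === resourceId);
 // Create update object with just the single field
 const updateRecord = { [field]: value };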
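Review bot: `field` is still taken straight from the request body and used as the key in `const updateRecord = { [field]: value };`, so the new `resourceId` guard limits which resource is written but not which column. If nothing below the hunk validates it, a caller can set any column of the translations resource, including ones the editing UI never exposes. Consider an allowlist check right after the `resourceId` guard, e.g. `if (!editableFields.includes(field)) return { error: 'Invalid field' };`, where `editableFields` is a placeholder for the plugin's configured translation columns. The handler body continues past the hunk, so an existing field check there, and whether `adminUser` is used for authorization, cannot be confirmed from this view.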
