Headline
CVE-2023-1789: Merge pull request #7043 from firefly-iii/fix-bad-escape · firefly-iii/firefly-iii@6b05c0f
Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.
@@ -41,23 +41,23 @@ class CurrencyUpdateService public function update(TransactionCurrency $currency, array $data): TransactionCurrency { if (array_key_exists('code’, $data) && ‘’ !== (string)$data[‘code’]) { $currency->code = $data[‘code’]; $currency->code = e($data[‘code’]); }
if (array_key_exists('symbol’, $data) && ‘’ !== (string)$data[‘symbol’]) { $currency->symbol = $data[‘symbol’]; $currency->symbol = e($data[‘symbol’]); }
if (array_key_exists('name’, $data) && ‘’ !== (string)$data[‘name’]) { $currency->name = $data[‘name’]; $currency->name = e($data[‘name’]); }
if (array_key_exists('enabled’, $data) && is_bool($data[‘enabled’])) { $currency->enabled = $data[‘enabled’]; $currency->enabled = (bool) $data[‘enabled’]; }
if (array_key_exists('decimal_places’, $data) && is_int($data[‘decimal_places’])) { $currency->decimal_places = $data[‘decimal_places’]; $currency->decimal_places = (int) $data[‘decimal_places’]; }
$currency->save();
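Review bot: The new `e($data['code'])`, `e($data['symbol'])` and `e($data['name'])` assignments HTML-encode at write time, so the database now holds entity-encoded text rather than what the user submitted. Any consumer that is not an HTML page, such as an API response or an export, would receive the entities, and a template that escapes on output would encode them a second time. Rows saved before this change stay unencoded, so output encoding in the views is still required. If storage-time encoding is kept, I would state it on the method, e.g. `// code, symbol and name are stored HTML-encoded; do not encode again on output`, and confirm that the create path (not visible in this hunk) applies the same treatment. The `(bool)` and `(int)` casts sit behind `is_bool()`/`is_int()` guards and change nothing; update() continues past the end of the hunk.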
Related news
Firefly III versions prior to 6.0.0 are vulnerable to improper input validation.