From 7f30afb823f4b458fa4e782ebf7f703ab3c39c98 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Tue, 23 Sep 2025 11:38:08 +0200
Subject: [PATCH] fix(databases): restrict database updates to allowed fields only
- Modified the update_by_uuid method to use only the specified allowed fields from the request for database updates, enhancing data integrity and security.
---
 app/Http/Controllers/Api/DatabasesController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Api/DatabasesController.php b/app/Http/Controllers/Api/DatabasesController.php
index 62ac36d5c..0e282fccd 100644
--- a/app/Http/Controllers/Api/DatabasesController.php
+++ b/app/Http/Controllers/Api/DatabasesController.php
@@ -580,7 +580,7 @@ class DatabasesController extends Controller
 }
 // Only update database fields, not backup configuration
- $database->update($request->all());
+ $database->update($request->only($allowedFields));
 if ($whatToDoWithDatabaseProxy === 'start') {
 StartDatabaseProxy::dispatch($database);
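Review bot: The safety of `$database->update($request->only($allowedFields))` now rests entirely on the contents of `$allowedFields`, which is built outside this hunk, and the comment above the call still only mentions backup configuration. If that list is assembled per database type or also carries backup-related keys, those keys would still reach `update()`, so it is worth confirming it holds only columns a caller is meant to change. I would reword the comment to record the intent, e.g. `// Mass-assignment guard: persist only keys listed in $allowedFields, never the raw request body`, and add a feature test that sends one key outside the list and asserts the stored value is unchanged. update_by_uuid begins and ends outside the hunk, so the validation that precedes this line could not be checked here.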