dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

fix(databases): restrict database updates to allowed fields only

Browse Source 
- Modified the update_by_uuid method to use only the specified allowed fields from the request for database updates, enhancing data integrity and security.
This commit is contained in:
Andras Bacsai
2025-09-23 11:38:08 +02:00
parent 9ecb1ca011
commit 7f30afb823
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/Api/DatabasesController.php
View File

@@ -580,7 +580,7 @@ class DatabasesController extends Controller
} }
// Only update database fields, not backup configuration // Only update database fields, not backup configuration
$database->update($request->all()); $database->update($request->only($allowedFields));
if ($whatToDoWithDatabaseProxy === 'start') { if ($whatToDoWithDatabaseProxy === 'start') {
StartDatabaseProxy::dispatch($database); StartDatabaseProxy::dispatch($database);