fix(databases): restrict database updates to allowed fields only

- Modified the update_by_uuid method to use only the specified allowed fields from the request for database updates, enhancing data integrity and security.
2025-09-23 11:38:08 +02:00
parent 9ecb1ca011
commit 7f30afb823
1 changed files with 1 additions and 1 deletions
--- a/app/Http/Controllers/Api/DatabasesController.php
+++ b/app/Http/Controllers/Api/DatabasesController.php
@@ -580,7 +580,7 @@ class DatabasesController extends Controller
        }

        // Only update database fields, not backup configuration
-        $database->update($request->all());
+        $database->update($request->only($allowedFields));

        if ($whatToDoWithDatabaseProxy === 'start') {
            StartDatabaseProxy::dispatch($database);