From fa427b279a400ce98457bfc2acc747b3d48e4f14 Mon Sep 17 00:00:00 2001
From: Peter Ivanov
Date: Sat, 19 Feb 2022 16:32:17 +0200
Subject: [PATCH] update
---
 .../App/tests/LiveEditTest.php | 17 +++++++++++++++++
 .../Content/ContentManagerHelpers.php | 9 ++++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/MicroweberPackages/App/tests/LiveEditTest.php b/src/MicroweberPackages/App/tests/LiveEditTest.php
index 8a237b4ed7a..592030c937a 100644
--- a/src/MicroweberPackages/App/tests/LiveEditTest.php
+++ b/src/MicroweberPackages/App/tests/LiveEditTest.php
@@ -94,5 +94,22 @@ public function testSaveContentOnPage()
 $this->assertTrue(str_contains($html, $contentFieldHtml));
+
+
+ $response = $this->call(
+ 'POST',
+ route('api.content.save_edit'),
+ [
+ 'data_base64' => 'somethingthatisnotbase64',
+ ],
+ [],//params
+ $_COOKIE,//cookie
+ [],//files
+ $_SERVER //server
+ );
+ $fieldSaved = $response->decodeResponseJson();
+ $this->assertArrayHasKey( 'error',$fieldSaved);
+
+
 }
 }
diff --git a/src/MicroweberPackages/Content/ContentManagerHelpers.php b/src/MicroweberPackages/Content/ContentManagerHelpers.php
index 21d2f5b4759..1c97978952a 100644
--- a/src/MicroweberPackages/Content/ContentManagerHelpers.php
+++ b/src/MicroweberPackages/Content/ContentManagerHelpers.php
@@ -627,9 +627,16 @@ public function save_from_live_edit($post_data)
 }
 $post_data['json_obj'] = @base64_decode($post_data['data_base64']);
+ if($post_data['json_obj'] == false){
+ return array('error' => 'The invalid data was sent');
+ }
+
 }
 if (isset($post_data['json_obj'])) {
- $obj = json_decode($post_data['json_obj'], true);
+ $obj = @json_decode($post_data['json_obj'], true);
+ if($obj == false){
+ return array('error' => 'The invalid data was sent');
+ }
 $post_data = $obj;
 }
 if (isset($post_data['mw_preview_only'])) {
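Review bot: The payload `'somethingthatisnotbase64'` is 24 characters drawn entirely from the base64 alphabet, so `base64_decode` accepts it and the `error` key asserted here presumably comes from the `json_decode` check in `save_from_live_edit`, not from the new base64 check. The base64 rejection path is therefore untested; a payload with characters outside the alphabet (a constructed example: `'%%%not-base64%%%'`) would cover it, though only if the decode is strict. The new request is also appended to `testSaveContentOnPage`, whose body starts outside the hunk; a separate method such as `testSaveContentRejectsInvalidPayload` would keep a failure here from being reported as a page-save failure.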
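Review bot: Both new guards use `== false`, which does not check what the code needs: `$post_data = $obj` still receives any truthy scalar (JSON such as `"abc"` or `1`), and the later `isset($post_data['mw_preview_only'])` then runs on a non-array. Checking the type closes that, `if (!is_array($obj)) {`. The base64 guard is close to dead code because `base64_decode` without its strict flag discards invalid characters instead of returning false; `base64_decode($post_data['data_base64'], true)` compared with `=== false` makes it effective, assuming clients send standard base64. The `@` on `json_decode` hides nothing useful, since malformed JSON yields `null` without a warning, and a non-string `json_obj` from the request would be better rejected with an `is_string` check. `save_from_live_edit` starts and ends outside the hunk, so any earlier normalisation of `data_base64` is not visible here.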