Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00
Code Issues Activity

🐛 Fixed 500 error when wrong field data was passed

Browse source 
closes #10564

- Added similar filtering logic to models/base in `findOne` as in `findPage` to prevent fetching unexistent columns
This commit is contained in:
Nazar Gargol 2019-03-05 17:19:24 +08:00
parent 30c005f848
commit e109c54245
2 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
core/server/models/base/index.js
View file

@ -932,6 +932,11 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
model.applyDefaultAndCustomFilters(options); model.applyDefaultAndCustomFilters(options);
} }
// Ensure only valid fields/columns are added to query
if (options.columns) {
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
}
return model.fetch(options); return model.fetch(options);
}, },

5
core/server/models/user.js
View file

@ -384,6 +384,11 @@ User = ghostBookshelf.Model.extend({
data = _.cloneDeep(dataToClone), data = _.cloneDeep(dataToClone),
lookupRole = data.role; lookupRole = data.role;
// Ensure only valid fields/columns are added to query
if (options.columns) {
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
}
delete data.role; delete data.role;
data = _.defaults(data || {}, { data = _.defaults(data || {}, {
status: 'all' status: 'all'