TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-11-28 05:37:34 +03:00
Code Issues Projects Releases Wiki Activity

🐛 Fixed 500 error when wrong field data was passed

Browse Source 
closes #10564

- Added similar filtering logic to models/base in `findOne` as in `findPage` to prevent fetching unexistent columns
This commit is contained in:
Nazar Gargol 2019-03-05 17:19:24 +08:00
parent 30c005f848
commit e109c54245
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/server/models/base/index.js
View File

@ -932,6 +932,11 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
model.applyDefaultAndCustomFilters(options);
}
// Ensure only valid fields/columns are added to query
if (options.columns) {
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
}
return model.fetch(options);
},

5
core/server/models/user.js
View File

@ -384,6 +384,11 @@ User = ghostBookshelf.Model.extend({
data = _.cloneDeep(dataToClone),
lookupRole = data.role;
// Ensure only valid fields/columns are added to query
if (options.columns) {
options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
}
delete data.role;
data = _.defaults(data || {}, {
status: 'all'