Address code review feedback - improve security and code clarity
Co-authored-by: naielv <109038805+naielv@users.noreply.github.com>
@@ -158,13 +158,16 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && $canEdit) {
|
|||||||
if ($action === "delete_type") {
|
if ($action === "delete_type") {
|
||||||
$deleteId = trim($_POST["delete_type_id"] ?? "");
|
$deleteId = trim($_POST["delete_type_id"] ?? "");
|
||||||
if ($deleteId !== "") {
|
if ($deleteId !== "") {
|
||||||
|
$deleted = false;
|
||||||
$newMenuTypes = [];
|
$newMenuTypes = [];
|
||||||
foreach ($menuTypes as $t) {
|
foreach ($menuTypes as $t) {
|
||||||
if (($t["id"] ?? "") !== $deleteId) {
|
if (($t["id"] ?? "") === $deleteId) {
|
||||||
|
$deleted = true;
|
||||||
|
} else {
|
||||||
$newMenuTypes[] = $t;
|
$newMenuTypes[] = $t;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (count($newMenuTypes) < count($menuTypes)) {
|
if ($deleted) {
|
||||||
$menuTypes = $newMenuTypes;
|
$menuTypes = $newMenuTypes;
|
||||||
file_put_contents($menuTypesPath, json_encode($menuTypes, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
|
file_put_contents($menuTypesPath, json_encode($menuTypes, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
|
||||||
// Redirect to the first available menu type or default
|
// Redirect to the first available menu type or default
|
||||||
@@ -189,6 +192,7 @@ if ($_SERVER["REQUEST_METHOD"] === "POST" && $canEdit) {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
// Clean up the reference to avoid accidental usage after the loop
|
||||||
unset($t);
|
unset($t);
|
||||||
file_put_contents($menuTypesPath, json_encode($menuTypes, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
|
file_put_contents($menuTypesPath, json_encode($menuTypes, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
|
||||||
header("Location: /entreaulas/comedor.php?aulario=" . urlencode($aulario_id) . "&date=" . urlencode($date) . "&menu=" . urlencode($renameId));
|
header("Location: /entreaulas/comedor.php?aulario=" . urlencode($aulario_id) . "&date=" . urlencode($date) . "&menu=" . urlencode($renameId));
|
||||||
@@ -443,7 +447,9 @@ foreach ($userAulas as $aulaId) {
|
|||||||
|
|
||||||
<script>
|
<script>
|
||||||
function toggleRenameForm(typeId) {
|
function toggleRenameForm(typeId) {
|
||||||
const formDiv = document.getElementById('rename-form-' + typeId);
|
// Sanitize typeId to prevent potential XSS
|
||||||
|
const sanitizedId = typeId.replace(/[^a-zA-Z0-9_-]/g, '');
|
||||||
|
const formDiv = document.getElementById('rename-form-' + sanitizedId);
|
||||||
if (formDiv) {
|
if (formDiv) {
|
||||||
formDiv.style.display = formDiv.style.display === 'none' ? 'block' : 'none';
|
formDiv.style.display = formDiv.style.display === 'none' ? 'block' : 'none';
|
||||||
}
|
}
|
||||||
|
|||||||
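Review bot: In the third hunk (toggleRenameForm), the `replace(/[^a-zA-Z0-9_-]/g, '')` call does not prevent XSS, because `document.getElementById` only looks up a string and never parses it as markup, so the added comment overstates what the line protects. Stripping characters can also turn an unexpected id into a different valid one and toggle the wrong form, and `typeId.replace` throws when a non-string is passed; rejecting is safer than rewriting, e.g. `if (!/^[A-Za-z0-9_-]+$/.test(String(typeId))) return;` followed by the original lookup. The place where an id could become script is wherever the PHP template writes it into the page (presumably an inline handler that calls this function, not visible in this hunk), so that output should be encoded for its context and ids held to the same character set when a menu type is created. The `<script>` block continues outside the hunk.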