added chack the database is in setting.config

statisticsnorway · Nov 13, 2024 · 5149c2f · 5149c2f
1 parent 0fada84
commit 5149c2f
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/PXWeb/Code/API/Controllers/MenuController.cs b/PXWeb/Code/API/Controllers/MenuController.cs
@@ -1,6 +1,7 @@
 using PXWeb.Database;
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Web.Http;
@@ -27,12 +28,21 @@ public HttpResponseMessage RebuildMenu(string database, bool languageDependent =
             _logger.Info("RebuildMenu - started");
             try
             {
-                // Validate the database parameter (from AI)
+                // Validate the database parameter (from CodeQL AI)
                 if (database.Contains("..") || database.Contains("/") || database.Contains("\\"))
                 {
+                    //dont think it is possible to hit this
                     return Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid database name");
                 }
 
+                // this prevents typos
+                if (!(PXWeb.Settings.Current.General.Databases.CnmmDatabases.Contains(database) ||
+                    PXWeb.Settings.Current.General.Databases.PxDatabases.Contains(database)))
+                {
+                    return Request.CreateResponse(HttpStatusCode.BadRequest, "Unknown database name");
+                }
+
+
                 string path;
 
                 path = System.Web.HttpContext.Current.Server.MapPath(Settings.Current.General.Paths.PxDatabasesPath);