jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: use more antiforgery tokens

Browse Source
This commit is contained in:
Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Disco.Web/Areas/API/Controllers/ExpressionsController.cs
+4 -4
View File
@@ -20,7 +20,7 @@ namespace Disco.Web.Areas.API.Controllers
public virtual ActionResult TypeDescriptor(string type, bool staticMembersOnly = false)
{
if (string.IsNullOrWhiteSpace(type))
return new HttpStatusCodeResult(400, "Type is required");
return BadRequest("Type is required");
var t = Type.GetType(type, false);
@@ -28,15 +28,15 @@ namespace Disco.Web.Areas.API.Controllers
{
var typeNameParts = type.Split(new string[] { ", " }, StringSplitOptions.None);
if (typeNameParts.Length < 2)
return Json("Invalid Type Specified");
return BadRequest("Invalid Type Specified");
if (!ExpressionExtensionProviderFeature.TryGetExtensionAssembly(typeNameParts[1], out var assembly))
return Json("Invalid Type Specified");
return BadRequest("Invalid Type Specified");
t = assembly.GetType(typeNameParts[0]);
if (t == null)
return Json("Invalid Type Specified");
return BadRequest("Invalid Type Specified");
}
return Json(ExpressionTypeDescriptor.Build(t, staticMembersOnly));