Explorar o código

Security: allow API to either be used with a list of package names or a timestamp

Stephan Vock %!s(int64=5) %!d(string=hai) anos
pai
achega
05f0b46e86
Modificáronse 1 ficheiros con 1 adicións e 1 borrados
  1. 1 1
      src/Packagist/WebBundle/Controller/ApiController.php

+ 1 - 1
src/Packagist/WebBundle/Controller/ApiController.php

@@ -258,7 +258,7 @@ class ApiController extends Controller
     public function securityAdvisoryAction(Request $request): JsonResponse
     {
         $packageNames = array_filter((array) $request->get('packages'));
-        if (!$packageNames) {
+        if ((!$request->query->has('updatedSince') && !$request->get('packages')) || (!$packageNames && $request->get('packages'))) {
             return new JsonResponse(['status' => 'error', 'message' => 'Missing array of package names as the "packages" parameter'], 400);
         }