fixes #1924 protect API user input from SQL injections

2026-03-28 17:42:57 +01:00 · 2023-05-29 12:25:03 +02:00
parent efc5bcfc85
commit 0649ad3245
4 changed files with 13 additions and 0 deletions
--- a/ws.php
+++ b/ws.php
@@ -1102,6 +1102,8 @@ function ws_addDefaultMethods( $arr )
                              'type'=>WS_TYPE_INT|WS_TYPE_POSITIVE),
        'order' =>      array('default'=>'id',
                              'info'=>'id, username, level, email'),
+        'exclude' =>    array('flags'=>WS_PARAM_OPTIONAL|WS_PARAM_FORCE_ARRAY,
+                              'type'=>WS_TYPE_ID),
        'display' =>    array('default'=>'basics',
                              'info'=>'Comma saparated list (see method description)'),
        ),