vh/homepage
1
0
Fork 0
mirror of https://github.com/gethomepage/homepage.git synced 2025-12-07 09:35:54 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Security: Sanitize widget api keys from response

Browse Source 
Closes https://github.com/gethomepage/homepage/security/advisories/GHSA-cjgf-vhj6-8cx4
This commit is contained in:
shamoon
2024-06-05 19:38:26 -07:00
parent 36e77e1fe3
commit f0d7cf3ce6
3 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/pages/api/widgets/openweathermap.js
View File

@@ -1,9 +1,11 @@
import cachedFetch from "utils/proxy/cached-fetch";
import { getSettings } from "utils/config/config";
import { getPrivateWidgetOptions } from "utils/config/widget-helpers";
export default async function handler(req, res) {
const { latitude, longitude, units, provider, cache, lang } = req.query;
let { apiKey } = req.query;
const { latitude, longitude, units, provider, cache, lang, index } = req.query;
const privateWidgetOptions = await getPrivateWidgetOptions("openweathermap", index);
let { apiKey } = privateWidgetOptions;
if (!apiKey && !provider) {
return res.status(400).json({ error: "Missing API key or provider" });

6
src/pages/api/widgets/weather.js
View File

@@ -1,9 +1,11 @@
import cachedFetch from "utils/proxy/cached-fetch";
import { getSettings } from "utils/config/config";
import { getPrivateWidgetOptions } from "utils/config/widget-helpers";
export default async function handler(req, res) {
const { latitude, longitude, provider, cache, lang } = req.query;
let { apiKey } = req.query;
const { latitude, longitude, provider, cache, lang, index } = req.query;
const privateWidgetOptions = await getPrivateWidgetOptions("weatherapi", index);
let { apiKey } = privateWidgetOptions;
if (!apiKey && !provider) {
return res.status(400).json({ error: "Missing API key or provider" });