From 8e4843a06c5d39f85aa1211f758ae4ae44e356f7 Mon Sep 17 00:00:00 2001 From: Emmy D'Anello Date: Mon, 17 Feb 2025 13:42:58 +0100 Subject: [PATCH] Don't trust Webhook data --- main.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.py b/main.py index fac28bb..c7594ca 100755 --- a/main.py +++ b/main.py @@ -141,7 +141,7 @@ def webhook_receiver(): elif triggercode.startswith('USERGROUP_'): with Connection(ldap_server, config.LDAP_BIND_USER, config.LDAP_BIND_PASSWORD) as ldap_conn: dolibarr_group = dolibarr_client.call_get_api(f"users/groups/{obj['id']}") - manage_group_extra_fields(ldap_conn, obj) + manage_group_extra_fields(ldap_conn, dolibarr_group) else: abort(400) return "", 204