From 861d97b9439c18fcc3e2d65e37e9a34c0f5fdf40 Mon Sep 17 00:00:00 2001
From: tchapi
Date: Sat, 26 Nov 2022 23:25:05 +0100
Subject: [PATCH] Fix bad error status
---
 src/Controller/AdminController.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/Controller/AdminController.php b/src/Controller/AdminController.php
index 4f46a59..48db35b 100644
--- a/src/Controller/AdminController.php
+++ b/src/Controller/AdminController.php
@@ -19,6 +19,7 @@
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Contracts\Translation\TranslatorInterface;
@@ -273,6 +274,10 @@ public function userToggleDelegation(ManagerRegistry $doctrine, string $username
 */
 public function userDelegateAdd(ManagerRegistry $doctrine, Request $request, string $username)
 {
+ if (!is_numeric($request->get('principalId'))) {
+ throw new BadRequestHttpException();
+ }
+
 $newMemberToAdd = $doctrine->getRepository(Principal::class)->findOneById($request->get('principalId'));
 if (!$newMemberToAdd) {
@@ -464,6 +469,10 @@ public function calendarShareAdd(ManagerRegistry $doctrine, Request $request, st
 throw $this->createNotFoundException('Calendar not found');
 }
+ if (!is_numeric($request->get('principalId'))) {
+ throw new BadRequestHttpException();
+ }
+
 $newShareeToAdd = $doctrine->getRepository(Principal::class)->findOneById($request->get('principalId'));
 if (!$newShareeToAdd) {
 throw $this->createNotFoundException('Member not found');
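Review bot: The `is_numeric()` guard added at the top of `userDelegateAdd` (and repeated in `calendarShareAdd` in the last hunk) is looser than the integer id it protects: it also passes `1.5`, `1e3`, `-3` and strings with leading whitespace, all of which then go on to `findOneById()`. Depending on the database platform, such a value may presumably still surface as a server error rather than the 400 this commit is aiming for. An integer-only test would be tighter, for example `if (false === filter_var($request->get('principalId'), FILTER_VALIDATE_INT)) {`, which also rejects a missing or array-valued parameter. I would also give the exception a message, `throw new BadRequestHttpException('Invalid principalId');`, to match the `createNotFoundException('Member not found')` calls nearby. Both method bodies continue outside their hunks.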