fix: harden backend synchronization
This commit is contained in:
@@ -8,8 +8,14 @@ return static function (AppContext $ctx): void {
|
||||
$ctx->requireCsrf('create');
|
||||
$input = normalize_rule_post($_POST);
|
||||
$rule = attach_rule_scope($ctx, RuleValidator::validate($input, $ctx->settings));
|
||||
$ctx->rules->create($ctx->daUser->username(), $rule);
|
||||
$ctx->syncActiveBackend();
|
||||
enforce_rule_backend_constraints($ctx, null, $rule);
|
||||
$created = $ctx->rules->create($ctx->daUser->username(), $rule);
|
||||
try {
|
||||
$ctx->syncActiveBackend();
|
||||
} catch (Throwable $syncError) {
|
||||
$ctx->rules->delete($ctx->daUser->username(), (string)$created['id']);
|
||||
throw $syncError;
|
||||
}
|
||||
Http::redirect($ctx->url('index.html', ['status' => 'created']));
|
||||
} catch (Throwable $e) {
|
||||
$errors[] = $e->getMessage();
|
||||
|
||||
Reference in New Issue
Block a user