From 2a1fc591630fe09cb15bb4c6b5bb6b6321ce4f9b Mon Sep 17 00:00:00 2001
From: Kris
Date: Thu, 30 Sep 2021 12:59:06 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Catch=20error=20when=20wrong=20d?= =?UTF-8?q?atatype=20is=20given=20in=20request=20(#507)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Controllers/FrontendStatusController.php | 12 ++++++++++--
 resources/lang/de.json | 1 +
 resources/lang/en.json | 1 +
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/app/Http/Controllers/FrontendStatusController.php b/app/Http/Controllers/FrontendStatusController.php
index 159d825a3..89873c37d 100644
--- a/app/Http/Controllers/FrontendStatusController.php
+++ b/app/Http/Controllers/FrontendStatusController.php
@@ -58,14 +58,22 @@ public function getGlobalDashboard(): Renderable {
 ]);
 }
+ /**
+ * @param Request $request
+ * @todo Is this api? Because of JsonReponse. But if yes: Why it does an Redirect?
+ * @return JsonResponse|RedirectResponse
+ */
 public function DeleteStatus(Request $request): JsonResponse|RedirectResponse {
 try {
- StatusBackend::DeleteStatus(Auth::user(), $request['statusId']);
+ if(!is_numeric($request['statusId'])) {
+ return redirect()->back()->with('error', __('error.bad-request'));
+ }
+ StatusBackend::DeleteStatus(Auth::user(), (int)$request['statusId']);
 } catch (PermissionException | ModelNotFoundException) {
 return redirect()->back()->with('error', __('controller.status.not-permitted'));
 }
- return response()->json(['message' => __('controller.status.delete-ok')], 200);
+ return response()->json(['message' => __('controller.status.delete-ok')]);
 }
 public function EditStatus(Request $request): JsonResponse|RedirectResponse {
diff --git a/resources/lang/de.json b/resources/lang/de.json
index a825dbf22..42df863c0 100644
--- a/resources/lang/de.json
+++ b/resources/lang/de.json
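Review bot: The new guard in DeleteStatus relies on `is_numeric()`, which also accepts values such as `1.5` or `1e3`, and the `(int)` cast on the next added line then turns them into an integer id that differs from what the client actually sent. The permission check inside StatusBackend::DeleteStatus presumably still decides whether the delete is allowed, but the id that reaches it should be exactly the one that was validated. A stricter form would be `$statusId = filter_var($request['statusId'], FILTER_VALIDATE_INT);` followed by `if ($statusId === false) { return redirect()->back()->with('error', __('error.bad-request')); }`, passing `$statusId` to the backend. That also rejects arrays and a missing field without depending on the cast, and the guard can sit above the `try` since it throws neither of the caught exceptions.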
@@ -119,6 +119,7 @@
 "dates.Wednesday": "Mittwoch",
 "dateformat.with-weekday": "dddd, DD. MMMM YYYY",
 "dateformat.month-and-year": "MMMM YYYY",
+ "error.bad-request": "Die Anfrage ist ungültig.",
 "events.header": "Veranstaltung: :name",
 "events.name": "Name",
 "events.hashtag": "Hashtag",
diff --git a/resources/lang/en.json b/resources/lang/en.json
index d5bef9564..3cf079da4 100644
--- a/resources/lang/en.json
+++ b/resources/lang/en.json
@@ -95,6 +95,7 @@
 "controller.user.follow-request-ok": "Requested follow.",
 "controller.user.password-changed-ok": "Password changed.",
 "controller.user.password-wrong": "Password wrong.",
+ "error.bad-request": "The request is invalid.",
 "dates.-on-": " on ",
 "dates.decimal_point": ".",
 "dates.thousands_sep": ",",