fix injection

app/Http/Controllers/MeasurementController.php

@@ -15,7 +15,11 @@ class MeasurementController extends Controller
      */
     public function get(Request $request)
     {
-        $type = $request->input('type', 'temperature');
+        $types = ['temperature','humidity','pressure'];
+
+        $type = $request->input('type', $types[0]);
+        if (!in_array($type,$types)) $type = $types[0];
+
         $q = sprintf("select time,value from bme280_value where host='balkon' and type='%s' and time > now()-1d",$type);
         $result = \InfluxDB::query($q);
         $points = $result->getPoints();