From 4dfb3d81c33f5c39c30843b3885d3ba676fd0a14 Mon Sep 17 00:00:00 2001
From: Anonymous Contributor
Date: Wed, 23 Aug 2023 18:16:35 +0200
Subject: [PATCH] Enforce POST when sending register form
---
 pages/register.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/pages/register.php b/pages/register.php
index bf4b3fa..cb7d9f5 100644
--- a/pages/register.php
+++ b/pages/register.php
@@ -29,8 +29,7 @@
 die("INVALID INVITE CODE!");
 }
- if(!isset($_REQUEST['doRegister']))
- {
+ if($_SERVER['REQUEST_METHOD'] != 'POST') {
 displayPage("");
 }
@@ -45,7 +44,7 @@
 ));
 if(!$validator->isValid($_POST)) {
- if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) {
+ if(!isset($_POST['tos']) || $_POST['tos'] !== true) {
 displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
 }
 else {
@@ -60,7 +59,7 @@
 $RUNTIME['REGISTER']['EMAIL'] = null;
 $RUNTIME['REGISTER']['AVATAR'] = null;
 $RUNTIME['REGISTER']['TOS'] = true;
- $name = trim($_REQUEST['username']);
+ $name = trim($_POST['username']);
 if($name != "") {
 $nameParts = explode(" ", $name);
@@ -81,11 +80,11 @@
 displayPage("Der gewählte Name ist bereits vergeben.");
 }
 }
- $RUNTIME['REGISTER']['PASS'] = trim($_REQUEST['password']);
- $RUNTIME['REGISTER']['EMAIL'] = trim($_REQUEST['email']);
- if(isset($RUNTIME['DEFAULTAVATAR'][$_REQUEST['avatar']]['UUID']))
+ $RUNTIME['REGISTER']['PASS'] = trim($_POST['password']);
+ $RUNTIME['REGISTER']['EMAIL'] = trim($_POST['email']);
+ if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID']))
 {
- $RUNTIME['REGISTER']['AVATAR'] = trim($_REQUEST['avatar']);
+ $RUNTIME['REGISTER']['AVATAR'] = trim($_POST['avatar']);
 }
 else {
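Review bot: The new method check in the first hunk, `if($_SERVER['REQUEST_METHOD'] != 'POST') {`, uses a loose comparison and gives no reason for dropping the `doRegister` marker. I would write it as `if($_SERVER['REQUEST_METHOD'] !== 'POST') {` and put a comment above it such as `// Anything but POST only renders the empty form, so credentials are never read from the query string.` The statements after it appear to rely on displayPage() ending the request; that cannot be confirmed here, because the surrounding block starts and ends outside the hunk.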
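Review bot: In the second hunk `$_POST['tos'] !== true` can never be false for a submitted form, because PHP delivers POST fields as strings or arrays, never as booleans. Every validation failure therefore reports the terms-of-use message, and the `else` branch looks unreachable, so users with a different invalid field get a misleading error. Unless isValid() rewrites `$_POST` by reference (not visible here), test the submitted value instead, for example `if(empty($_POST['tos'])) {`. The enclosing `if(!$validator->isValid($_POST))` block continues past the end of the hunk.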
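Review bot: `trim($_POST['password'])` in the last hunk silently changes the secret the user typed. If the login path does not trim in the same way, a password with leading or trailing whitespace will never verify, so I would store it as submitted: `$RUNTIME['REGISTER']['PASS'] = $_POST['password'];`. The avatar lookup also checks the raw key in `isset()` but stores the trimmed one, so the stored value can differ from the key that was validated; trimming once into a local variable before the `isset()` keeps the two consistent. The `else` branch runs past the end of the hunk.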