
Enforce POST when sending register form

master
Anonymous Contributor 2023-08-23 18:16:35 +02:00
parent d46835e8eb
commit 4dfb3d81c3
1 changed files with 7 additions and 8 deletions


@ -29,8 +29,7 @@
die("INVALID INVITE CODE!"); die("INVALID INVITE CODE!");
} }
if(!isset($_REQUEST['doRegister'])) if($_SERVER['REQUEST_METHOD'] != 'POST') {
{
displayPage(""); displayPage("");
} }
@ -45,7 +44,7 @@
)); ));
if(!$validator->isValid($_POST)) { if(!$validator->isValid($_POST)) {
if(!isset($_REQUEST['tos']) || $_REQUEST['tos'] !== true) { if(!isset($_POST['tos']) || $_POST['tos'] !== true) {
displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren."); displayPage("Du musst die Nutzungsbedingungen lesen und Akzeptieren.");
} }
else { else {
@ -60,7 +59,7 @@
$RUNTIME['REGISTER']['EMAIL'] = null; $RUNTIME['REGISTER']['EMAIL'] = null;
$RUNTIME['REGISTER']['AVATAR'] = null; $RUNTIME['REGISTER']['AVATAR'] = null;
$RUNTIME['REGISTER']['TOS'] = true; $RUNTIME['REGISTER']['TOS'] = true;
$name = trim($_REQUEST['username']); $name = trim($_POST['username']);
if($name != "") if($name != "")
{ {
$nameParts = explode(" ", $name); $nameParts = explode(" ", $name);
@ -81,11 +80,11 @@
displayPage("Der gewählte Name ist bereits vergeben."); displayPage("Der gewählte Name ist bereits vergeben.");
} }
} }
$RUNTIME['REGISTER']['PASS'] = trim($_REQUEST['password']); $RUNTIME['REGISTER']['PASS'] = trim($_POST['password']);
$RUNTIME['REGISTER']['EMAIL'] = trim($_REQUEST['email']); $RUNTIME['REGISTER']['EMAIL'] = trim($_POST['email']);
if(isset($RUNTIME['DEFAULTAVATAR'][$_REQUEST['avatar']]['UUID'])) if(isset($RUNTIME['DEFAULTAVATAR'][$_POST['avatar']]['UUID']))
{ {
$RUNTIME['REGISTER']['AVATAR'] = trim($_REQUEST['avatar']); $RUNTIME['REGISTER']['AVATAR'] = trim($_POST['avatar']);
} }
else else
{ {
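Review bot: The terms-of-service check in the second hunk, `$_POST['tos'] !== true`, can never be satisfied by form data, because PHP fills `$_POST` with strings or arrays and never with a boolean, so the strict comparison holds for every submitted value. Any request that fails `$validator->isValid($_POST)` therefore gets the "Nutzungsbedingungen" message, and the `else` branch after it looks unreachable unless code outside the hunk rewrites `$_POST`. The commit carries this over unchanged from the `$_REQUEST` version; testing the submitted value instead, for example `if(empty($_POST['tos'])) {`, would let the other validation errors be reported. The enclosing block starts and ends outside the visible hunks, so confirm what the validator expects for `tos` before changing it.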