Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Use POST for leaving groups, validate input

master
Anonymous Contributor 2023-08-23 18:16:35 +02:00
parent e6d51a0afb
commit 9d760f7dc3
1 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
pages/groups.php
View File

@ -1,8 +1,17 @@
<?php
if(@$_REQUEST['action'] == 'leave' && @$_REQUEST['group'] != '')
if($_SERVER['REQUEST_TYPE'] == 'POST')
{
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
if(isset($_POST['leave'])) {
include '../app/FormValidator.php';
$validator = new FormValidator(array(
'group' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
));
if($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
}
}
header('Location: index.php?page=groups');
die();
@ -26,7 +35,7 @@
while($rowGroups = $statementGroups->fetch())
{
$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><a href="index.php?page=groups&action=leave&group='.htmlspecialchars($rowGroups['GroupID']).'">VERLASSEN</a></td></tr>';
$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
}