From 9d760f7dc3b4e063bdfd2a7acec51725151d6ca7 Mon Sep 17 00:00:00 2001 From: Anonymous Contributor Date: Wed, 23 Aug 2023 18:16:35 +0200 Subject: [PATCH] Use POST for leaving groups, validate input --- pages/groups.php | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/pages/groups.php b/pages/groups.php index 86b1353..aba164d 100644 --- a/pages/groups.php +++ b/pages/groups.php @@ -1,8 +1,17 @@ prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?"); - $statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID'])); + if(isset($_POST['leave'])) { + include '../app/FormValidator.php'; + $validator = new FormValidator(array( + 'group' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/') + )); + + if($validator->isValid($_POST)) { + $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?"); + $statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID'])); + } + } header('Location: index.php?page=groups'); die(); @@ -26,7 +35,7 @@ while($rowGroups = $statementGroups->fetch()) { - $entry = ''.htmlspecialchars($rowGroups['Name']).''.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'VERLASSEN'; + $entry = ''.htmlspecialchars($rowGroups['Name']).''.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'
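Review bot: The value that is validated and the value that is used differ: the regex is checked against `$_POST['group']`, but the DELETE still binds `$_REQUEST['group']`, which PHP fills from GET (and, depending on `request_order`, cookie) data as well as POST, so a value other than the validated one can reach the query; change the bind to `$statementMembership->execute(array($_POST['group'], $_SESSION['UUID']));`. The UUID regex is also unanchored, so `isValid()` accepts any string that merely contains a UUID; use `'/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/'` (add `i` only if mixed-case UUIDs are expected). The handler still acts on nothing more than `isset($_POST['leave'])` and the regex; the form in the second hunk emits a `%%CSRF%%` placeholder, but no token check is visible in this hunk, so confirm one runs before this block or add it here. `include '../app/FormValidator.php'` will fatally redeclare the class if the file is already loaded on the same request, so `require_once` is the safer form. The first lines of this hunk are mangled in this rendering (the stretch from `<?php` to the old `->prepare(` is missing), so the enclosing `if` and the removed lines are judged from the visible `+` lines only.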
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } }
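Review bot: The new `$entry` embeds a literal `%%CSRF%%` placeholder, but this hunk only substitutes `%%ENTRY%%` into `$table`; if the token is spliced into the template before this loop rather than into the assembled `$table` afterwards, every row will emit the bare string `%%CSRF%%` and the leave form will post without a token. Confirm the replacement runs on `$table` after the loop, or apply it to the row here with `$entry = str_replace('%%CSRF%%', /* token markup the app provides */, $entry);`; the surrounding loop setup and template code are outside this hunk. The form markup inside the `$entry` string is stripped in this rendering, so the hidden `group` field cannot be reviewed; whatever value it carries (presumably `$rowGroups['GroupID']`) belongs inside `htmlspecialchars()` like the neighbouring columns.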