1
0
Fork 0

Use POST for leaving groups, validate input

master
Anonymous Contributor 2023-08-23 18:16:35 +02:00
parent e6d51a0afb
commit 9d760f7dc3
1 changed files with 13 additions and 4 deletions

View File

@ -1,8 +1,17 @@
<?php <?php
if(@$_REQUEST['action'] == 'leave' && @$_REQUEST['group'] != '') if($_SERVER['REQUEST_TYPE'] == 'POST')
{ {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?"); if(isset($_POST['leave'])) {
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID'])); include '../app/FormValidator.php';
$validator = new FormValidator(array(
'group' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/')
));
if($validator->isValid($_POST)) {
$statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM os_groups_membership WHERE GroupID = ? AND PrincipalID = ?");
$statementMembership->execute(array($_REQUEST['group'], $_SESSION['UUID']));
}
}
header('Location: index.php?page=groups'); header('Location: index.php?page=groups');
die(); die();
@ -26,7 +35,7 @@
while($rowGroups = $statementGroups->fetch()) while($rowGroups = $statementGroups->fetch())
{ {
$entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><a href="index.php?page=groups&action=leave&group='.htmlspecialchars($rowGroups['GroupID']).'">VERLASSEN</a></td></tr>'; $entry = '<tr><td>'.htmlspecialchars($rowGroups['Name']).'</td><td>'.htmlspecialchars($opensim->getUserName($rowGroups['FounderID'])).'</td><td><form action="index.php?page=groups" method="post">%%CSRF%%<input type="hidden" name="group" value="'.htmlspecialchars($rowGroups['GroupID']).'"><button type="submit" name="leave" class="btn btn-danger btn-sm">VERLASSEN</button></form></td></tr>';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
} }
} }