Website
/
Manager
1
0
Fork 0
Code Releases 11 Activity

Fix input validation checks in identities.php

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 7b08766668
commit b3db0383a1
1 changed files with 61 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pages/identities.php
View File

@ -14,9 +14,7 @@
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]);
}
if(isset($_REQUEST['enableIdent']) || @$_REQUEST['enableIdent'] != "")
{
if(isset($_REQUEST['newuuid']) || @$_REQUEST['newuuid'] != "")
if(isset($_REQUEST['enableIdent']) && isset($_REQUEST['newuuid']) && $_REQUEST['enableIdent'] != "" && $_REQUEST['newuuid'] != "")
{
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1");
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]);
@ -65,11 +63,8 @@
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Du kannst die Identität nicht ändern, während du angemeldet bist. Bitte schließe den Viewer.</div>');
}
}
}
if(isset($_REQUEST['createIdent']) || @$_REQUEST['createIdent'] != "")
{
if(isset($_REQUEST['newName']) || @$_REQUEST['newName'] != "")
if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] != "" && $_REQUEST['newName'] != "")
{
$avatarNameParts = explode(" ", trim($_REQUEST['newName']));
@ -96,7 +91,6 @@
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Der Name muss aus einem Vor und einem Nachnamen bestehen.</div>');
}
}
}
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
$statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC");