Fix input validation checks in identities.php
parent
7b08766668
commit
b3db0383a1
|
@ -14,9 +14,7 @@
|
|||
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_SESSION['UUID']]);
|
||||
}
|
||||
|
||||
if(isset($_REQUEST['enableIdent']) || @$_REQUEST['enableIdent'] != "")
|
||||
{
|
||||
if(isset($_REQUEST['newuuid']) || @$_REQUEST['newuuid'] != "")
|
||||
if(isset($_REQUEST['enableIdent']) && isset($_REQUEST['newuuid']) && $_REQUEST['enableIdent'] != "" && $_REQUEST['newuuid'] != "")
|
||||
{
|
||||
$statement = $RUNTIME['PDO']->prepare("SELECT 1 FROM UserIdentitys WHERE PrincipalID = :PrincipalID AND IdentityID = :IdentityID LIMIT 1");
|
||||
$statement->execute(['PrincipalID' => $_SESSION['UUID'], 'IdentityID' => $_REQUEST['newuuid']]);
|
||||
|
@ -65,11 +63,8 @@
|
|||
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Du kannst die Identität nicht ändern, während du angemeldet bist. Bitte schließe den Viewer.</div>');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(isset($_REQUEST['createIdent']) || @$_REQUEST['createIdent'] != "")
|
||||
{
|
||||
if(isset($_REQUEST['newName']) || @$_REQUEST['newName'] != "")
|
||||
if(isset($_REQUEST['createIdent']) && isset($_REQUEST['newName']) && $_REQUEST['createIdent'] != "" && $_REQUEST['newName'] != "")
|
||||
{
|
||||
$avatarNameParts = explode(" ", trim($_REQUEST['newName']));
|
||||
|
||||
|
@ -95,8 +90,7 @@
|
|||
}else{
|
||||
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Der Name muss aus einem Vor und einem Nachnamen bestehen.</div>');
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$table = '<table class="table"><thead><tr><th scope="col">Name</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
|
||||
$statement = $RUNTIME['PDO']->prepare("SELECT IdentityID FROM UserIdentitys WHERE PrincipalID = ? ORDER BY IdentityID ASC");
|
||||
|
|
Loading…
Reference in New Issue