Filter variables when updating user profile

author: Frederic Guillot <fred@kanboard.net> 2017-08-11 22:18:53 -0700
committer: Frederic Guillot <fred@kanboard.net> 2017-08-11 22:18:53 -0700
commit: b79b18efd7a1a8b591753a4eddd473f88d55b7df (patch)
tree: fd5106e5f0d033e5106b46f3693931f6cc060bbf /app/Controller/UserCredentialController.php
parent: 88dd6abbf3f519897f2f6280e95c9eec9123a4ae (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index ae52a13c..a8b90b7b 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -44,7 +44,11 @@ class UserCredentialController extends BaseController
         list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
 
         if (! $this->userSession->isAdmin()) {
-            $values['id'] = $this->userSession->getId();
+            $values = array(
+                'id' => $this->userSession->getId(),
+                'password' => isset($values['password']) ? $values['password'] : '',
+                'confirmation' => isset($values['confirmation']) ? $values['confirmation'] : '',
+            );
         }
 
         if ($valid) {
author	Frederic Guillot <fred@kanboard.net>	2017-08-11 22:18:53 -0700
committer	Frederic Guillot <fred@kanboard.net>	2017-08-11 22:18:53 -0700
commit	b79b18efd7a1a8b591753a4eddd473f88d55b7df (patch)
tree	fd5106e5f0d033e5106b46f3693931f6cc060bbf /app/Controller/UserCredentialController.php
parent	88dd6abbf3f519897f2f6280e95c9eec9123a4ae (diff)