diff options
author | Frederic Guillot <fred@kanboard.net> | 2017-08-11 22:18:53 -0700 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-08-11 22:18:53 -0700 |
commit | b79b18efd7a1a8b591753a4eddd473f88d55b7df (patch) | |
tree | fd5106e5f0d033e5106b46f3693931f6cc060bbf /app/Controller | |
parent | 88dd6abbf3f519897f2f6280e95c9eec9123a4ae (diff) |
Filter variables when updating user profile
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/UserCredentialController.php | 6 | ||||
-rw-r--r-- | app/Controller/UserModificationController.php | 11 |
2 files changed, 13 insertions, 4 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php index ae52a13c..a8b90b7b 100644 --- a/app/Controller/UserCredentialController.php +++ b/app/Controller/UserCredentialController.php @@ -44,7 +44,11 @@ class UserCredentialController extends BaseController list($valid, $errors) = $this->userValidator->validatePasswordModification($values); if (! $this->userSession->isAdmin()) { - $values['id'] = $this->userSession->getId(); + $values = array( + 'id' => $this->userSession->getId(), + 'password' => isset($values['password']) ? $values['password'] : '', + 'confirmation' => isset($values['confirmation']) ? $values['confirmation'] : '', + ); } if ($valid) { diff --git a/app/Controller/UserModificationController.php b/app/Controller/UserModificationController.php index ed145921..f4916f6f 100644 --- a/app/Controller/UserModificationController.php +++ b/app/Controller/UserModificationController.php @@ -47,9 +47,14 @@ class UserModificationController extends BaseController $values = $this->request->getValues(); if (! $this->userSession->isAdmin()) { - if (isset($values['role'])) { - unset($values['role']); - } + $values = array( + 'id' => $this->userSession->getId(), + 'username' => isset($values['username']) ? $values['username'] : '', + 'name' => isset($values['name']) ? $values['name'] : '', + 'email' => isset($values['email']) ? $values['email'] : '', + 'timezone' => isset($values['timezone']) ? $values['timezone'] : '', + 'language' => isset($values['language']) ? $values['language'] : '', + ); } list($valid, $errors) = $this->userValidator->validateModification($values); |