authorFrederic Guillot <fred@kanboard.net>2017-08-11 22:18:53 -0700
committerFrederic Guillot <fred@kanboard.net>2017-08-11 22:18:53 -0700
commitb79b18efd7a1a8b591753a4eddd473f88d55b7df (patch)
treefd5106e5f0d033e5106b46f3693931f6cc060bbf /app/Controller
parent88dd6abbf3f519897f2f6280e95c9eec9123a4ae (diff)
Filter variables when updating user profile
Diffstat (limited to 'app/Controller')
-rw-r--r--app/Controller/UserCredentialController.php6
-rw-r--r--app/Controller/UserModificationController.php11
2 files changed, 13 insertions, 4 deletions
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index ae52a13c..a8b90b7b 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -44,7 +44,11 @@ class UserCredentialController extends BaseController
list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
if (! $this->userSession->isAdmin()) {
- $values['id'] = $this->userSession->getId();
+ $values = array(
+ 'id' => $this->userSession->getId(),
+ 'password' => isset($values['password']) ? $values['password'] : '',
+ 'confirmation' => isset($values['confirmation']) ? $values['confirmation'] : '',
+ );
}
if ($valid) {
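Review bot: The whitelisted array built for non-admin users is assigned after validatePasswordModification() has already run on the raw request values, so the validator inspects a different array than the one that is later saved, while UserModificationController in this same commit validates after filtering. Moving `list($valid, $errors) = $this->userValidator->validatePasswordModification($values);` below the closing brace of the `if (! $this->userSession->isAdmin())` block makes validation operate on exactly the values that will be persisted. The enclosing method begins before the hunk, so where `$values` originates is not visible here.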
diff --git a/app/Controller/UserModificationController.php b/app/Controller/UserModificationController.php
index ed145921..f4916f6f 100644
--- a/app/Controller/UserModificationController.php
+++ b/app/Controller/UserModificationController.php
@@ -47,9 +47,14 @@ class UserModificationController extends BaseController
$values = $this->request->getValues();
if (! $this->userSession->isAdmin()) {
- if (isset($values['role'])) {
- unset($values['role']);
- }
+ $values = array(
+ 'id' => $this->userSession->getId(),
+ 'username' => isset($values['username']) ? $values['username'] : '',
+ 'name' => isset($values['name']) ? $values['name'] : '',
+ 'email' => isset($values['email']) ? $values['email'] : '',
+ 'timezone' => isset($values['timezone']) ? $values['timezone'] : '',
+ 'language' => isset($values['language']) ? $values['language'] : '',
+ );
}
list($valid, $errors) = $this->userValidator->validateModification($values);
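Review bot: Fields a non-admin did not submit are replaced with `''` rather than omitted, so a partial profile post carries empty `email`, `timezone` and `language` values into validateModification() and, unless the validator or model rejects empty strings, could blank stored settings; whether that happens depends on code outside the hunk. Keeping only the submitted keys from the allow-list avoids inventing values: `$values = array_intersect_key($values, array_flip(array('username', 'name', 'email', 'timezone', 'language')));` followed by `$values['id'] = $this->userSession->getId();`. The same coerce-to-empty pattern appears in the UserCredentialController hunk of this commit, though there the password fields are mandatory anyway. The enclosing method starts before the hunk and continues after it.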