From b79b18efd7a1a8b591753a4eddd473f88d55b7df Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Fri, 11 Aug 2017 22:18:53 -0700
Subject: Filter variables when updating user profile
---
 app/Controller/UserCredentialController.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'app/Controller/UserCredentialController.php')
diff --git a/app/Controller/UserCredentialController.php b/app/Controller/UserCredentialController.php
index ae52a13c..a8b90b7b 100644
--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -44,7 +44,11 @@ class UserCredentialController extends BaseController
 list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
 if (! $this->userSession->isAdmin()) {
- $values['id'] = $this->userSession->getId();
+ $values = array(
+ 'id' => $this->userSession->getId(),
+ 'password' => isset($values['password']) ? $values['password'] : '',
+ 'confirmation' => isset($values['confirmation']) ? $values['confirmation'] : '',
+ );
 }
 if ($valid) {
--
cgit v1.2.3
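Review bot: The allow-list is applied only inside the `if (! $this->userSession->isAdmin())` branch, so for an administrator session the full request-supplied `$values` still reaches the `if ($valid)` block, whose body lies outside this hunk. If that block hands `$values` to the user update, any extra fields posted with an admin's session would presumably be written too. In addition, `validatePasswordModification($values)` runs on the unfiltered array before it is replaced, so `$valid` and `$errors` describe the submitted `id` rather than the session id that ends up in `$values`. I would build the filtered array for both roles just before the update, changing only the id entry to `'id' => $this->userSession->isAdmin() ? $values['id'] : $this->userSession->getId(),` and keeping the same `password` and `confirmation` entries. A comment such as `// Allow-list: only these keys may reach the user update` would record the intent.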