Comunic/ComunicAPI
1
0
Fork 0
mirror of https://github.com/pierre42100/ComunicAPI synced 2024-11-23 22:09:29 +00:00
Code Issues Projects Releases Wiki Activity

Improved conversation controller security checks

Browse Source
This commit is contained in:
Pierre 2017-12-25 09:20:22 +01:00
parent b4edf378b3
commit 4f605ea4dd
1 changed files with 3 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
RestControllers/conversationsController.php
View File

@ -166,21 +166,15 @@ class conversationsController{
user_login_required(); user_login_required();
//Check for parametres
if(!isset($_POST['otherUser']))
Rest_fatal_error(400, "Please check your parametres !");
//Extract parametres //Extract parametres
$otherUser = toInt($_POST['otherUser']); $otherUser = getPostUserID('otherUser');
//Check if we are allowed to create a conversation or not
if(isset($_POST["allowCreate"])) if(isset($_POST["allowCreate"]))
$allowCreate = $_POST["allowCreate"] == "true" ? true : false; $allowCreate = $_POST["allowCreate"] == "true" ? true : false;
else else
$allowCreate = false; $allowCreate = false;
//Check the user exists
if(!CS::get()->components->user->exists($otherUser))
Rest_fatal_error(400, "Specified user does not exist !");
//Search the database //Search the database
$results = CS::get()->components->conversations->findPrivate(userID, $otherUser); $results = CS::get()->components->conversations->findPrivate(userID, $otherUser);