Improved security check for friendID
parent
263d1ee8e2
commit
b4edf378b3
@ -37,20 +37,8 @@ class friendsController{
|
|||||||
public function sendRequest(){
|
public function sendRequest(){
|
||||||
user_login_required(); //Login required
|
user_login_required(); //Login required
|
||||||
|
|
||||||
//Check parametres
|
//Get target ID
|
||||||
if(!isset($_POST["friendID"]))
|
$friendID = getPostUserID('friendID');
|
||||||
Rest_fatal_error(400, "Please specify a user ID !");
|
|
||||||
|
|
||||||
//Extract informations and process request
|
|
||||||
$friendID = toInt($_POST['friendID']);
|
|
||||||
|
|
||||||
//Check friendID validity
|
|
||||||
if(!check_user_id($friendID))
|
|
||||||
Rest_fatal_error(401, "The user ID you specified is invalid !");
|
|
||||||
|
|
||||||
//Check if the user exists
|
|
||||||
if(!CS::get()->components->user->exists($friendID))
|
|
||||||
Rest_fatal_error(401, "Specifed user does not exist!");
|
|
||||||
|
|
||||||
//Check if the two persons are already friend
|
//Check if the two persons are already friend
|
||||||
if(CS::get()->components->friends->are_friend(userID, $friendID))
|
if(CS::get()->components->friends->are_friend(userID, $friendID))
|
||||||
@ -82,12 +70,8 @@ class friendsController{
|
|||||||
public function removeRequest(){
|
public function removeRequest(){
|
||||||
user_login_required(); //Login required
|
user_login_required(); //Login required
|
||||||
|
|
||||||
//Check parametres
|
//Get friendID
|
||||||
if(!isset($_POST["friendID"]))
|
$friendID = getPostUserID('friendID');
|
||||||
Rest_fatal_error(400, "Please specify a user ID !");
|
|
||||||
|
|
||||||
//Extract informations and process request
|
|
||||||
$friendID = toInt($_POST['friendID']);
|
|
||||||
|
|
||||||
//Check if the current user has sent a request to the other user
|
//Check if the current user has sent a request to the other user
|
||||||
if(!CS::get()->components->friends->sent_request(userID, $friendID))
|
if(!CS::get()->components->friends->sent_request(userID, $friendID))
|
||||||
@ -162,7 +146,7 @@ class friendsController{
|
|||||||
|
|
||||||
user_login_required(); //Login required
|
user_login_required(); //Login required
|
||||||
|
|
||||||
//Get it
|
//Get friendID
|
||||||
$friendID = getPostUserID('friendID');
|
$friendID = getPostUserID('friendID');
|
||||||
|
|
||||||
//Prepare the response
|
//Prepare the response
|
||||||
@ -215,10 +199,7 @@ class friendsController{
|
|||||||
user_login_required(); //Login required
|
user_login_required(); //Login required
|
||||||
|
|
||||||
//Check if the a friendID has been specified
|
//Check if the a friendID has been specified
|
||||||
if(!isset($_POST['friendID']))
|
$friendID = getPostUserID('friendID');
|
||||||
Rest_fatal_error(400, "Please specify a friend ID !");
|
|
||||||
|
|
||||||
$friendID = toInt($_POST['friendID']);
|
|
||||||
|
|
||||||
//Check if a follow status has been specified
|
//Check if a follow status has been specified
|
||||||
if(!isset($_POST['follow']))
|
if(!isset($_POST['follow']))
|
||||||
|
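Review bot: The existence check that sendRequest used to run inline (`CS::get()->components->user->exists($friendID)`, together with `check_user_id($friendID)`) now rests entirely on `getPostUserID('friendID')`, whose body is not part of this diff; it should be confirmed that the helper rejects a missing, non-positive or non-existent ID before `are_friend()` and `sent_request()` are reached. The old code answered 401 for an invalid or unknown ID, so if the helper uses a different status the API contract changes for clients. In the last hunk the retained comment `//Check if the a friendID has been specified` no longer describes the line under it; `//Get and validate friendID` would match the other hunks. Nothing visible in these hunks rejects a friendID equal to the current `userID`, though the method bodies continue outside the hunks and that check may live there or in the helper.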