Improved security check for friendID

This commit is contained in:
Pierre 2017-12-25 09:17:38 +01:00
parent 263d1ee8e2
commit b4edf378b3


@ -37,20 +37,8 @@ class friendsController{
public function sendRequest(){ public function sendRequest(){
user_login_required(); //Login required user_login_required(); //Login required
//Check parametres //Get target ID
if(!isset($_POST["friendID"])) $friendID = getPostUserID('friendID');
Rest_fatal_error(400, "Please specify a user ID !");
//Extract informations and process request
$friendID = toInt($_POST['friendID']);
//Check friendID validity
if(!check_user_id($friendID))
Rest_fatal_error(401, "The user ID you specified is invalid !");
//Check if the user exists
if(!CS::get()->components->user->exists($friendID))
Rest_fatal_error(401, "Specifed user does not exist!");
//Check if the two persons are already friend //Check if the two persons are already friend
if(CS::get()->components->friends->are_friend(userID, $friendID)) if(CS::get()->components->friends->are_friend(userID, $friendID))
@ -82,12 +70,8 @@ class friendsController{
public function removeRequest(){ public function removeRequest(){
user_login_required(); //Login required user_login_required(); //Login required
//Check parametres //Get friendID
if(!isset($_POST["friendID"])) $friendID = getPostUserID('friendID');
Rest_fatal_error(400, "Please specify a user ID !");
//Extract informations and process request
$friendID = toInt($_POST['friendID']);
//Check if the current user has sent a request to the other user //Check if the current user has sent a request to the other user
if(!CS::get()->components->friends->sent_request(userID, $friendID)) if(!CS::get()->components->friends->sent_request(userID, $friendID))
@ -162,7 +146,7 @@ class friendsController{
user_login_required(); //Login required user_login_required(); //Login required
//Get it //Get friendID
$friendID = getPostUserID('friendID'); $friendID = getPostUserID('friendID');
//Prepare the response //Prepare the response
@ -215,10 +199,7 @@ class friendsController{
user_login_required(); //Login required user_login_required(); //Login required
//Check if the a friendID has been specified //Check if the a friendID has been specified
if(!isset($_POST['friendID'])) $friendID = getPostUserID('friendID');
Rest_fatal_error(400, "Please specify a friend ID !");
$friendID = toInt($_POST['friendID']);
//Check if a follow status has been specified //Check if a follow status has been specified
if(!isset($_POST['follow'])) if(!isset($_POST['follow']))
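Review bot: In sendRequest the new `$friendID = getPostUserID('friendID');` replaces not only the isset/toInt parsing but also the `check_user_id($friendID)` and `CS::get()->components->user->exists($friendID)` checks, and getPostUserID's definition is not part of this diff, so unless it verifies that the user exists the 401 "Specifed user does not exist!" path is lost and a friend request can be created for a nonexistent ID. If getPostUserID only validates the integer form, keep the existence check right after the call: `if(!CS::get()->components->user->exists($friendID)) Rest_fatal_error(401, "Specifed user does not exist!");`. A one-line comment at the call site stating what getPostUserID guarantees (format check, existence check, or both) would also settle the question for removeRequest and the hunk at line 199, which previously had no existence check at all. The bodies of sendRequest and removeRequest continue outside their hunks.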