Improved security of "sendRequest" method

RestControllers/friendsController.php

@@ -44,6 +44,14 @@ class friendsController{
 		//Extract informations and process request
 		$friendID = toInt($_POST['friendID']);
 
+		//Check friendID validity
+		if(!check_user_id($friendID))
+			Rest_fatal_error(401, "The user ID you specified is invalid !");
+		
+		//Check if the user exists
+		if(!CS::get()->components->user->exists($friendID))
+			Rest_fatal_error(401, "Specifed user does not exist!");
+
 		//Check if the two persons are already friend
 		if(CS::get()->components->friends->are_friend(userID, $friendID))
 			Rest_fatal_error(401, "The two personns are already friend !");

classes/components/user.php

@@ -295,7 +295,7 @@ class User{
 	 * @param Integer $userID The ID of the user to check
 	 * @return Boolean Depends of the existence of the user
 	 */
-	public function exists($userID){
+	public function exists(int $userID) : bool {
 		//Perform a request on the database
 		$tableName = $this->userTable;
 		$condition = "WHERE ID = ?";

functions/requests.php

@@ -119,4 +119,18 @@ function safe_for_sql(string $input) : string {
 
 	return $input;
 
+}
+
+/**
+ * Check a given user ID
+ * 
+ * @param int $userID The user ID to check
+ * @return bool True if userID is valid, false else
+ */
+function check_user_id(int $userID) : bool {
+
+	if($userID < 1)
+		return false; //Invalid
+
+	return true; //Valid
 }