mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-23 13:59:29 +00:00
Improved security of "sendRequest" method
This commit is contained in:
parent
e8b448ea86
commit
bdf47b9c26
@ -44,6 +44,14 @@ class friendsController{
|
||||
//Extract informations and process request
|
||||
$friendID = toInt($_POST['friendID']);
|
||||
|
||||
//Check friendID validity
|
||||
if(!check_user_id($friendID))
|
||||
Rest_fatal_error(401, "The user ID you specified is invalid !");
|
||||
|
||||
//Check if the user exists
|
||||
if(!CS::get()->components->user->exists($friendID))
|
||||
Rest_fatal_error(401, "Specifed user does not exist!");
|
||||
|
||||
//Check if the two persons are already friend
|
||||
if(CS::get()->components->friends->are_friend(userID, $friendID))
|
||||
Rest_fatal_error(401, "The two personns are already friend !");
|
||||
|
@ -295,7 +295,7 @@ class User{
|
||||
* @param Integer $userID The ID of the user to check
|
||||
* @return Boolean Depends of the existence of the user
|
||||
*/
|
||||
public function exists($userID){
|
||||
public function exists(int $userID) : bool {
|
||||
//Perform a request on the database
|
||||
$tableName = $this->userTable;
|
||||
$condition = "WHERE ID = ?";
|
||||
|
@ -119,4 +119,18 @@ function safe_for_sql(string $input) : string {
|
||||
|
||||
return $input;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Check a given user ID
|
||||
*
|
||||
* @param int $userID The user ID to check
|
||||
* @return bool True if userID is valid, false else
|
||||
*/
|
||||
function check_user_id(int $userID) : bool {
|
||||
|
||||
if($userID < 1)
|
||||
return false; //Invalid
|
||||
|
||||
return true; //Valid
|
||||
}
|
Loading…
Reference in New Issue
Block a user