mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-12-25 04:58:59 +00:00
Better security check in userController
This commit is contained in:
parent
4f605ea4dd
commit
d3cdad6572
@ -118,14 +118,7 @@ class userController
|
||||
public function getAdvancedInfos(){
|
||||
|
||||
//Get the ID of the target user
|
||||
if(!isset($_POST["userID"]))
|
||||
Rest_fatal_error(400, "Please specify a user ID!");
|
||||
|
||||
$userID = toInt($_POST["userID"]);
|
||||
|
||||
//Check if the user exists
|
||||
if(!CS::get()->components->user->exists($userID))
|
||||
Rest_fatal_error(404, "Specified user not found !");
|
||||
$userID = getPostUserID("userID");
|
||||
|
||||
//Check if the user is allowed to get advanced user infromations
|
||||
if(!CS::get()->components->user->userAllowed(userID, $userID))
|
||||
|
Loading…
Reference in New Issue
Block a user