From d3cdad657228f370d265dcfc9f2b4887208165ca Mon Sep 17 00:00:00 2001
From: Pierre
Date: Mon, 25 Dec 2017 09:21:54 +0100
Subject: [PATCH] Better security check in userController
---
 RestControllers/userController.php | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/RestControllers/userController.php b/RestControllers/userController.php
index c5f0458..191852d 100644
--- a/RestControllers/userController.php
+++ b/RestControllers/userController.php
@@ -118,14 +118,7 @@ class userController
 public function getAdvancedInfos(){
 //Get the ID of the target user
- if(!isset($_POST["userID"]))
- Rest_fatal_error(400, "Please specify a user ID!");
-
- $userID = toInt($_POST["userID"]);
-
- //Check if the user exists
- if(!CS::get()->components->user->exists($userID))
- Rest_fatal_error(404, "Specified user not found !");
+ $userID = getPostUserID("userID");
 //Check if the user is allowed to get advanced user infromations
 if(!CS::get()->components->user->userAllowed(userID, $userID))
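Review bot: The presence, integer-conversion and existence checks for the target user now live entirely inside `getPostUserID("userID")`, whose definition is not part of this patch, so nothing in the hunk confirms that the call still stops the request when the field is missing or refers to a user that does not exist. The `userAllowed(userID, $userID)` authorization check on the following lines trusts `$userID`, so the helper has to fail closed (ending the request with 400/404 as the removed lines did) rather than return 0 or false to the caller. Once that is confirmed against the helper's definition, I would record the contract at the call site, e.g. `//Get the ID of the target user (getPostUserID() aborts the request if the field is missing or the user does not exist)`. getAdvancedInfos() continues past the end of the hunk, so the rest of the access check is not visible here.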