Better security check in userController

This commit is contained in:
Pierre 2017-12-25 09:21:54 +01:00
parent 4f605ea4dd
commit d3cdad6572

View File

@ -118,14 +118,7 @@ class userController
public function getAdvancedInfos(){ public function getAdvancedInfos(){
//Get the ID of the target user //Get the ID of the target user
if(!isset($_POST["userID"])) $userID = getPostUserID("userID");
Rest_fatal_error(400, "Please specify a user ID!");
$userID = toInt($_POST["userID"]);
//Check if the user exists
if(!CS::get()->components->user->exists($userID))
Rest_fatal_error(404, "Specified user not found !");
//Check if the user is allowed to get advanced user infromations //Check if the user is allowed to get advanced user infromations
if(!CS::get()->components->user->userAllowed(userID, $userID)) if(!CS::get()->components->user->userAllowed(userID, $userID))