mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-27 15:59:29 +00:00
Better security check in userController
This commit is contained in:
parent
4f605ea4dd
commit
d3cdad6572
@ -118,14 +118,7 @@ class userController
|
|||||||
public function getAdvancedInfos(){
|
public function getAdvancedInfos(){
|
||||||
|
|
||||||
//Get the ID of the target user
|
//Get the ID of the target user
|
||||||
if(!isset($_POST["userID"]))
|
$userID = getPostUserID("userID");
|
||||||
Rest_fatal_error(400, "Please specify a user ID!");
|
|
||||||
|
|
||||||
$userID = toInt($_POST["userID"]);
|
|
||||||
|
|
||||||
//Check if the user exists
|
|
||||||
if(!CS::get()->components->user->exists($userID))
|
|
||||||
Rest_fatal_error(404, "Specified user not found !");
|
|
||||||
|
|
||||||
//Check if the user is allowed to get advanced user infromations
|
//Check if the user is allowed to get advanced user infromations
|
||||||
if(!CS::get()->components->user->userAllowed(userID, $userID))
|
if(!CS::get()->components->user->userAllowed(userID, $userID))
|
||||||
|
Loading…
Reference in New Issue
Block a user