Comunic/ComunicAPI
1
0
Fork 0
mirror of https://github.com/pierre42100/ComunicAPI synced 2024-11-23 22:09:29 +00:00
Code Issues Projects Releases Wiki Activity

Better security check in userController

Browse Source
This commit is contained in:
Pierre 2017-12-25 09:21:54 +01:00
parent 4f605ea4dd
commit d3cdad6572
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
RestControllers/userController.php
View File

@ -118,14 +118,7 @@ class userController
public function getAdvancedInfos(){ public function getAdvancedInfos(){
//Get the ID of the target user //Get the ID of the target user
if(!isset($_POST["userID"])) $userID = getPostUserID("userID");
Rest_fatal_error(400, "Please specify a user ID!");
$userID = toInt($_POST["userID"]);
//Check if the user exists
if(!CS::get()->components->user->exists($userID))
Rest_fatal_error(404, "Specified user not found !");
//Check if the user is allowed to get advanced user infromations //Check if the user is allowed to get advanced user infromations
if(!CS::get()->components->user->userAllowed(userID, $userID)) if(!CS::get()->components->user->userAllowed(userID, $userID))