Remove POST['poll'] access
This commit is contained in:
parent
16143d4ac8
commit
213980e807
@ -46,12 +46,8 @@ $inputService = new InputService();
|
||||
/* PAGE */
|
||||
/* ---- */
|
||||
|
||||
if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
|
||||
if (!empty($_POST['poll']))
|
||||
$inputType = INPUT_POST;
|
||||
else
|
||||
$inputType = INPUT_GET;
|
||||
$admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
|
||||
if (!empty($_GET['poll'])) {
|
||||
$admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
|
||||
if (strlen($admin_poll_id) === 24) {
|
||||
$poll_id = substr($admin_poll_id, 0, 16);
|
||||
$poll = $pollService->findById($poll_id);
|
||||
|
12
studs.php
12
studs.php
@ -92,13 +92,11 @@ function sendUpdateNotification($poll, $mailService, $name, $type) {
|
||||
/* PAGE */
|
||||
/* ---- */
|
||||
|
||||
if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
|
||||
if (!empty($_POST['poll']))
|
||||
$inputType = INPUT_POST;
|
||||
else
|
||||
$inputType = INPUT_GET;
|
||||
$poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
|
||||
$poll = $pollService->findById($poll_id);
|
||||
if (!empty($_GET['poll'])) {
|
||||
$poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
|
||||
if (strlen($poll_id) === 16) {
|
||||
$poll = $pollService->findById($poll_id);
|
||||
}
|
||||
}
|
||||
|
||||
if (!$poll) {
|
||||
|
Loading…
Reference in New Issue
Block a user