Remove POST['poll'] access

This commit is contained in:
Antonin 2015-04-07 17:09:18 +02:00
parent 16143d4ac8
commit 213980e807
2 changed files with 7 additions and 13 deletions

View File

@ -46,12 +46,8 @@ $inputService = new InputService();
/* PAGE */
/* ---- */
if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
if (!empty($_POST['poll']))
$inputType = INPUT_POST;
else
$inputType = INPUT_GET;
$admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
if (!empty($_GET['poll'])) {
$admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
if (strlen($admin_poll_id) === 24) {
$poll_id = substr($admin_poll_id, 0, 16);
$poll = $pollService->findById($poll_id);

View File

@ -92,13 +92,11 @@ function sendUpdateNotification($poll, $mailService, $name, $type) {
/* PAGE */
/* ---- */
if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
if (!empty($_POST['poll']))
$inputType = INPUT_POST;
else
$inputType = INPUT_GET;
$poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$poll = $pollService->findById($poll_id);
if (!empty($_GET['poll'])) {
$poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
if (strlen($poll_id) === 16) {
$poll = $pollService->findById($poll_id);
}
}
if (!$poll) {