Remove POST['poll'] access

Antonin 2015-04-07 17:09:18 +02:00
parent 16143d4ac8
commit 213980e807
2 changed files with 7 additions and 13 deletions


@ -46,12 +46,8 @@ $inputService = new InputService();
/* PAGE */ /* PAGE */
/* ---- */ /* ---- */
if (!empty($_POST['poll']) || !empty($_GET['poll'])) { if (!empty($_GET['poll'])) {
if (!empty($_POST['poll'])) $admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$inputType = INPUT_POST;
else
$inputType = INPUT_GET;
$admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
if (strlen($admin_poll_id) === 24) { if (strlen($admin_poll_id) === 24) {
$poll_id = substr($admin_poll_id, 0, 16); $poll_id = substr($admin_poll_id, 0, 16);
$poll = $pollService->findById($poll_id); $poll = $pollService->findById($poll_id);
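Review bot: The lookup at `$poll = $pollService->findById($poll_id);` is keyed only on the first 16 characters of `$admin_poll_id`, and nothing in this hunk compares the remaining 8 characters with the admin identifier stored for the poll. The `if (strlen($admin_poll_id) === 24)` block continues outside the hunk, so the comparison may exist further down; if it does not, admin access is gated by the public poll id alone. I would add a constant-time check right after the lookup, e.g. `if (!$poll || !hash_equals($storedAdminId, $admin_poll_id)) { $poll = null; }`, where `$storedAdminId` is a placeholder for whichever field holds the poll's admin id. Now that the admin id arrives only through the query string, it will also appear in access logs and Referer headers, which is worth a comment next to the `filter_input(INPUT_GET, ...)` call.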


@ -92,13 +92,11 @@ function sendUpdateNotification($poll, $mailService, $name, $type) {
/* PAGE */ /* PAGE */
/* ---- */ /* ---- */
if (!empty($_POST['poll']) || !empty($_GET['poll'])) { if (!empty($_GET['poll'])) {
if (!empty($_POST['poll'])) $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$inputType = INPUT_POST; if (strlen($poll_id) === 16) {
else $poll = $pollService->findById($poll_id);
$inputType = INPUT_GET; }
$poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
$poll = $pollService->findById($poll_id);
} }
if (!$poll) { if (!$poll) {
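Review bot: `$poll` is assigned only inside the new `if (strlen($poll_id) === 16)` guard, so a missing, malformed or wrong-length `poll` parameter reaches `if (!$poll) {` with the variable undefined, unless it is initialised above the hunk. I would put `$poll = null;` just before the `if (!empty($_GET['poll']))` block so the not-found path is explicit. `filter_input` returns `false` when the regexp does not match, so the length test relies on `strlen(false)` being coerced to 0; `if (is_string($poll_id) && strlen($poll_id) === 16) {` states the intent without that coercion. The same applies to the `strlen($admin_poll_id) === 24` test in the first file.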