mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 06:38:00 +02:00
Code Issues Releases Wiki Activity

Extra checks added.

Browse Source
This commit is contained in:
Cameron
2016-06-22 13:52:07 -07:00
parent 6fc2969577
commit 6a306323d4
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
usersettings.php
View File

@@ -346,13 +346,15 @@ e107::getMessage()->addDebug("<h5>Posted Changes</h5>".print_a($changedUserData,
} }
} }
} // End - update setttings } // End - update setttings
elseif (isset($_POST['SaveValidatedInfo'])) elseif (isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editing their own data
{ // Next bit only valid if user editing their own data {
if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key'])) if (!$adminEdit && !empty($_POST['updated_data']) && !empty($_POST['currentpassword']) && !empty($_POST['updated_key']))
{ // Got some data confirmed with password entry { // Got some data confirmed with password entry
$new_data = base64_decode($_POST['updated_data']); $new_data = base64_decode($_POST['updated_data']);
if (md5($new_data) != $_POST['updated_key'])
{ // Should only happen if someone's fooling around // Should only happen if someone's fooling around
if (md5($new_data) != $_POST['updated_key'] || isset($new_data['user_admin']) || isset($new_data['user_perms']))
{
echo LAN_USET_42.'<br />'; echo LAN_USET_42.'<br />';
exit(); exit();
} }