


3 Commits

Toby Zerner
5bcf72dd49 Bump version 2018-11-09 21:22:11 +10:30
Toby Zerner
0536b208e1 Fix leak of private information when updating users 2018-11-09 21:21:21 +10:30
Clark Winkelmann
c6aeeeb3c1 Always apply attributes from token when registering
The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value.

When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still obtain an already-enabled account with the credentials they entered.

Skipping attributes with an existing value makes no sense here because it is always a fresh user, and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
2018-01-06 20:04:42 +10:30
3 changed files with 9 additions and 5 deletions


@@ -11,6 +11,8 @@
namespace Flarum\Api\Controller;
use Flarum\Api\Serializer\CurrentUserSerializer;
use Flarum\Api\Serializer\UserSerializer;
use Flarum\Core\Command\EditUser;
use Flarum\Core\Exception\PermissionDeniedException;
use Illuminate\Contracts\Bus\Dispatcher;
@@ -22,7 +24,7 @@ class UpdateUserController extends AbstractResourceController
/**
* {@inheritdoc}
*/
public $serializer = 'Flarum\Api\Serializer\CurrentUserSerializer';
public $serializer = UserSerializer::class;
/**
* {@inheritdoc}
@@ -51,6 +53,10 @@ class UpdateUserController extends AbstractResourceController
$actor = $request->getAttribute('actor');
$data = array_get($request->getParsedBody(), 'data', []);
if ($actor->id == $id) {
$this->serializer = CurrentUserSerializer::class;
}
// Require the user's current password if they are attempting to change
// their own email address.
if (isset($data['attributes']['email']) && $actor->id == $id) {
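Review bot: The serializer switch on `$this->serializer = CurrentUserSerializer::class;` mutates controller state rather than deriving it per request, so if the controller instance is ever reused across requests (the container wiring is not visible here) the private-attribute serializer would persist into the next request editing a different user and reintroduce the leak this commit fixes. The default on `public $serializer = UserSerializer::class;` is only restored by constructing a fresh controller. Assigning unconditionally removes the dependence on instance lifetime: `$this->serializer = $actor->id == $id ? CurrentUserSerializer::class : UserSerializer::class;`. The loose `==` matches the existing email check on the line below; `$id` presumably comes from the route parameter, which is read before this hunk. The enclosing method starts and ends outside the hunk.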


@@ -116,9 +116,7 @@ class RegisterUserHandler
// from the get-go.
if (isset($token)) {
foreach ($token->payload as $k => $v) {
if (in_array($user->$k, ['', null], true)) {
$user->$k = $v;
}
$user->$k = $v;
}
if (isset($token->payload['email'])) {
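Review bot: With the guard removed, `$user->$k = $v;` now writes every key of `$token->payload` onto the user model unconditionally, so the payload is effectively a mass-assignment source — any attribute name it carries is set on the fresh user, not just the identification fields the commit message targets. That is safe only as long as tokens are minted by trusted server-side code (the message points at `AbstractOAuth2Controller::getIdentification()`), which is not visible in this hunk. A comment recording that trust boundary would help the next maintainer: `// Payload keys are applied unconditionally: the token must only be issued by trusted server code, never built from client input.` If the payload could ever carry client-controlled keys, restricting the loop to an explicit attribute whitelist would be the stronger fix. The enclosing `if (isset($token))` block and the handler method continue past the hunk.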


@@ -25,7 +25,7 @@ class Application extends Container implements ApplicationContract
*
* @var string
*/
const VERSION = '0.1.0-beta.7';
const VERSION = '0.1.0-beta.7.2';
/**
* The base path for the Flarum installation.