From 00ae62059b8f3a49087fda317e78ba26dd96d9d3 Mon Sep 17 00:00:00 2001
From: Ryan Cramer <ryan@processwire.com>
Date: Fri, 24 May 2024 14:49:48 -0400
Subject: [PATCH] Various minor updates in ProcessProfile

---
 .../ProcessProfile/ProcessProfile.module      | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/wire/modules/Process/ProcessProfile/ProcessProfile.module b/wire/modules/Process/ProcessProfile/ProcessProfile.module
index 5e7a5576..5fe1b482 100644
--- a/wire/modules/Process/ProcessProfile/ProcessProfile.module
+++ b/wire/modules/Process/ProcessProfile/ProcessProfile.module
@@ -3,7 +3,7 @@
 /**
  * ProcessWire User Profile Editor
  *
- * ProcessWire 3.x, Copyright 2021 by Ryan Cramer
+ * ProcessWire 3.x, Copyright 2024 by Ryan Cramer
  * https://processwire.com
  *
  * @property array $profileFields Names of fields user is allowed to edit in their profile
@@ -63,9 +63,11 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 	 * 
 	 */
 	public function ___execute() {
+		$input = $this->wire()->input;
+		$config = $this->wire()->config;
 		
 		$fieldName = '';
-		if(isset($_SERVER['HTTP_X_FIELDNAME'])) {
+		if(isset($_SERVER['HTTP_X_FIELDNAME']) && $input->requestMethod('POST') && $config->ajax) {
 			$fieldName = $this->wire()->sanitizer->fieldName($_SERVER['HTTP_X_FIELDNAME']);
 		}
 
@@ -73,7 +75,7 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 		$this->headline($this->_("Profile:") . ' ' . $this->user->name); // Primary Headline (precedes the username)
 		$form = $this->buildForm($fieldName);
 		
-		if($this->wire()->input->post('submit_save_profile') || $fieldName) {
+		if($input->post('submit_save_profile') || $fieldName) {
 			$this->processInput($form, $fieldName); 
 			if($fieldName) {
 				// no need to redirect
@@ -96,9 +98,9 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 	 */
 	protected function buildForm($fieldName = '') {
 	
-		/** @var User $user */
 		$user = $this->user;
 		$modules = $this->wire()->modules;
+		$config = $this->wire()->config;
 
 		/** @var InputfieldForm $form */
 		$form = $modules->get('InputfieldForm');
@@ -117,7 +119,7 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 		$passRequired = false;
 		// Inputfields where password is required to change
 		$passRequiredInputfields = array();
-		$this->wire()->config->js('ProcessProfile', array(
+		$config->js('ProcessProfile', array(
 			'passRequiredAlert' => $this->_('For security, please enter your current password to save these changes:')
 		));
 		
@@ -141,17 +143,16 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 		}
 
 		foreach($user->fields as $field) {
+			/** @var Field $field */
 			if($field->name == 'roles' || !in_array($field->name, $this->profileFields)) continue;
 			if($fieldName && $field->name !== $fieldName) continue;
-			/** @var Field $field */
 			$field = $user->fields->getFieldContext($field);
-			/** @var Inputfield $inputfield */
 			$inputfield = $field->getInputfield($user);
 			if(!$inputfield) continue;
 			$inputfield->value = $user->get($field->name);
 			
 			if($field->name === 'admin_theme') {
-				if(!$inputfield->value) $inputfield->value = $this->wire('config')->defaultAdminTheme;
+				if(!$inputfield->value) $inputfield->value = $config->defaultAdminTheme;
 				
 			} else if($field->type instanceof FieldtypeImage) {
 				if(!$user->hasPermission('page-edit-images', $user)) {
@@ -225,6 +226,9 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 		$user = $this->user; 
 		$input = $this->wire()->input;
 		$languages = $this->wire()->languages;
+		
+		$this->wire()->session->CSRF()->validate();
+		
 		$form->processInput($input->post);
 
 		if(count($form->getErrors())) {
@@ -257,6 +261,7 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 		}
 
 		foreach($user->fields as $field) {
+			/** @var Field $field */
 
 			if($field->name == 'roles' || !in_array($field->name, $this->profileFields)) continue;
 			if($fieldName && $field->name !== $fieldName) continue; 
@@ -469,9 +474,8 @@ class ProcessProfile extends Process implements ConfigurableModule, WirePageEdit
 	 * 
 	 */
 	public function getPage() {
-		return $this->wire()->user;
+		return $this->user ? $this->user : $this->wire()->user;
 	}
 
 
 }
-