authorPaul Arthur <paul.arthur@flowerysong.com>2013-02-07 16:34:21 -0500
committerPaul Arthur <paul.arthur@flowerysong.com>2013-02-07 16:36:44 -0500
commit453a161a78acf07926a9ad7a8afef7cb07b23e7b (patch)
tree17bc28a2fc5bb437ae5bcf3a049c24102c2903eb /lib/class/user.class.php
parent266f7cea9bd51df298cc45fbb8abb39a1375acd2 (diff)
Scrub user data in User->update()
Fixes another persistent XSS vulnerability.
Diffstat (limited to 'lib/class/user.class.php')
-rw-r--r--lib/class/user.class.php23
1 files changed, 13 insertions, 10 deletions
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index edc711e9..56ed97bc 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -396,7 +396,6 @@ class User extends database_object {
* good stuff
*/
public function update($data) {
-
if (empty($data['username'])) {
Error::add('username', T_('Error Username Required'));
}
@@ -409,14 +408,20 @@ class User extends database_object {
return false;
}
- foreach ($data as $name=>$value) {
+ foreach ($data as $name => $value) {
+ if ($name == 'password1') {
+ $name = 'password';
+ }
+ else {
+ $value = scrub_in($value);
+ }
+
switch ($name) {
- case 'password1';
- $name = 'password';
+ case 'password';
case 'access':
case 'email':
case 'username':
- case 'fullname';
+ case 'fullname':
if ($this->$name != $value) {
$function = 'update_' . $name;
$this->$function($value);
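Review bot: The new `case 'password';` label keeps a semicolon while the same hunk corrects `case 'fullname';` to `case 'fullname':`; PHP tolerates both, but the inconsistency survives the fix and should read `case 'password':`. The loose comparisons on the new side, `$name == 'password1'` and `$this->$name != $value`, should be `===` and `!==` so that values such as `0` and `''` (plausible for `access`) are not treated as equal and an update silently skipped. Passing every non-password field through scrub_in() before the switch is an input-side mitigation for the stored XSS, but since scrub_in()'s behaviour is not visible in this hunk I'd still expect the rendering templates to escape these fields at output (htmlspecialchars) rather than rely on stored data being clean. The enclosing update() method begins in the previous hunk and ends in the next.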
@@ -425,13 +430,11 @@ class User extends database_object {
default:
// Rien a faire
break;
- } // end switch on field
-
- } // end foreach
+ }
+ }
return true;
-
- } // update
+ }
/**
* update_username