Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-r6rp-6gv6-r9hq
Do not return sensitives data in the search customers handler
  • Loading branch information
PierreRambaud committed Apr 15, 2020
2 parents fc0625f + c8d9ac9 commit 27e49d8
Showing 1 changed file with 19 additions and 8 deletions.
27 changes: 19 additions & 8 deletions src/Adapter/Customer/QueryHandler/SearchCustomersHandler.php
Expand Up @@ -58,15 +58,26 @@ public function handle(SearchCustomers $query)
}

foreach ($customersResult as $customerArray) {
if ($customerArray['active']) {
$customerArray['fullname_and_email'] = sprintf(
'%s %s - %s',
$customerArray['firstname'],
$customerArray['lastname'],
$customerArray['email']
);
$customers[$customerArray['id_customer']] = $customerArray;
if (!$customerArray['active']) {
continue;
}

$customerArray['fullname_and_email'] = sprintf(
'%s %s - %s',
$customerArray['firstname'],
$customerArray['lastname'],
$customerArray['email']
);

unset(
$customerArray['passwd'],
$customerArray['secure_key'],
$customerArray['last_passwd_gen'],
$customerArray['reset_password_token'],
$customerArray['reset_password_validity']
);
$customers[$customerArray['id_customer']] = $customerArray;

}
}

Expand Down

0 comments on commit 27e49d8

Please sign in to comment.