From 1b20170a9366f58cf3422c2ebb23d42ae52d2386 Mon Sep 17 00:00:00 2001
From: Simon Leary <simon.leary42@proton.me>
Date: Fri, 19 Dec 2025 16:15:38 -0500
Subject: [PATCH] "tos" input should never be unspecified

---
 webroot/panel/account.php | 2 +-
 webroot/panel/groups.php  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/webroot/panel/account.php b/webroot/panel/account.php
index 3ab19508..7221abca 100644
--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -72,7 +72,7 @@
             if ($SQL->requestExists($USER->uid, UnitySQL::REQUEST_BECOME_PI)) {
                 UnityHTTPD::badRequest("already requested to be PI");
             }
-            if (!isset($_POST["tos"]) || $_POST["tos"] != "agree") {
+            if ($_POST["tos"] != "agree") {
                 UnityHTTPD::badRequest("user did not agree to terms of service");
             }
             $USER->getPIGroup()->requestGroup($SEND_PIMESG_TO_ADMINS);
diff --git a/webroot/panel/groups.php b/webroot/panel/groups.php
index 7fcceb16..41fc4524 100644
--- a/webroot/panel/groups.php
+++ b/webroot/panel/groups.php
@@ -30,7 +30,7 @@
         switch ($_POST["form_type"]) {
             case "addPIform":
                 $pi_account = $getPIGroupFromPost();
-                if (!isset($_POST["tos"]) || $_POST["tos"] != "agree") {
+                if ($_POST["tos"] != "agree") {
                     UnityHTTPD::badRequest("user did not agree to terms of service");
                 }
                 if ($pi_account->exists()) {