Filter variables when updating user profile
fguillot committed Aug 12, 2017
1 parent 88dd6ab commit b79b18e
Showing 2 changed files with 13 additions and 4 deletions.
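--- a/app/Controller/UserCredentialController.php
+++ b/app/Controller/UserCredentialController.php
@@ -44,7 +44,11 @@ public function savePassword()
 list($valid, $errors) = $this->userValidator->validatePasswordModification($values);
 
 if (! $this->userSession->isAdmin()) {
-$values['id'] = $this->userSession->getId();
+$values = array(
+'id' => $this->userSession->getId(),
+'password' => isset($values['password']) ? $values['password'] : '',
+'confirmation' => isset($values['confirmation']) ? $values['confirmation'] : '',
+);
 }
 
 if ($valid) {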
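Review bot: The call to `validatePasswordModification($values)` on the first line of this hunk still runs on the raw request array, before the non-admin branch replaces `$values` with the whitelisted array, so the data that was validated is not the data used afterwards; in particular the `id` the validator saw is the submitted one, not the session one. UserModificationController::save() in this same commit filters first and validates afterwards, and the same order here would close the gap. If the validator reads other submitted fields (a current-password field, for example, which is not visible here), they would have to be added to the whitelist when the filter is moved up. The body of savePassword() starts before the hunk and continues after `if ($valid) {`.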
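--- a/app/Controller/UserModificationController.php
+++ b/app/Controller/UserModificationController.php
@@ -47,9 +47,14 @@ public function save()
 $values = $this->request->getValues();
 
 if (! $this->userSession->isAdmin()) {
-if (isset($values['role'])) {
-unset($values['role']);
-}
+$values = array(
+'id' => $this->userSession->getId(),
+'username' => isset($values['username']) ? $values['username'] : '',
+'name' => isset($values['name']) ? $values['name'] : '',
+'email' => isset($values['email']) ? $values['email'] : '',
+'timezone' => isset($values['timezone']) ? $values['timezone'] : '',
+'language' => isset($values['language']) ? $values['language'] : '',
+);
 }
 
 list($valid, $errors) = $this->userValidator->validateModification($values);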
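Review bot: Each whitelisted key that is absent from the request is filled with `''`, so a non-admin request carrying only some fields passes empty strings for the rest into `validateModification()` and whatever follows. Whether that blanks the stored `name`, `email`, `timezone` or `language` depends on code outside the hunk, but it is worth ruling out. Keeping only the keys actually submitted avoids it: `$values = array_intersect_key($values, array_flip(array('username', 'name', 'email', 'timezone', 'language')));` followed by `$values['id'] = $this->userSession->getId();`. The field list is also a security boundary now, so a comment such as `// Non-admins may only edit their own record and these fields; role and any other column are dropped` would tell the next maintainer why a new profile field has to be added here. save() starts before the hunk and continues after it.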
