Commit

Checking that a user exists now requires to be logged in, prevent user enumeration
mattab committed Jan 8, 2014
1 parent 44eef27 commit 11db442
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions plugins/UsersManager/API.php
Expand Up @@ -499,6 +499,9 @@ public function deleteUser($userLogin)
*/
public function userExists($userLogin)
{
Piwik::checkUserIsNotAnonymous();
Piwik::checkUserHasSomeViewAccess();

$count = Db::fetchOne("SELECT count(*)
FROM " . Common::prefixTable("user") . "
WHERE login = ?", $userLogin);
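Review bot: the two checks added at the top of userExists() narrow login enumeration to authenticated callers but do not prevent it, since any account that passes Piwik::checkUserHasSomeViewAccess() for a single site can still probe arbitrary logins through this method. If only user administrators need the answer, an admin-level check would be the tighter boundary; if view users genuinely need it, say so in a comment so the choice reads as deliberate. The docblock closing just above the signature is unchanged by this commit, so it should gain a note that the method now throws for anonymous or no-access callers instead of returning a boolean, and any internal caller that runs before login should be confirmed not to depend on the old behaviour. A short comment on why both checks are needed (the anonymous user can itself hold view access) would also keep the first one from being removed later as redundant.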

0 comments on commit 11db442
