Skip to content
Permalink
Browse files

Retrieve parameters from $_POST in UserPassword class

Signed-off-by: Maurício Meneghini Fauth <mauriciofauth@gmail.com>
  • Loading branch information...
mauriciofauth committed Nov 10, 2018
1 parent d745d1c commit d98b40281b0e8781918240b201b35758b474e595
Showing with 8 additions and 8 deletions.
  1. +8 −8 libraries/classes/UserPassword.php
@@ -61,16 +61,16 @@ public function setChangePasswordMsg()
$error = false;
$message = Message::success(__('The profile has been updated.'));
if (($_REQUEST['nopass'] != '1')) {
if (strlen($_REQUEST['pma_pw']) === 0 || strlen($_REQUEST['pma_pw2']) === 0) {
if (($_POST['nopass'] != '1')) {
if (strlen($_POST['pma_pw']) === 0 || strlen($_POST['pma_pw2']) === 0) {
$message = Message::error(__('The password is empty!'));
$error = true;
} elseif ($_REQUEST['pma_pw'] !== $_REQUEST['pma_pw2']) {
} elseif ($_POST['pma_pw'] !== $_POST['pma_pw2']) {
$message = Message::error(
__('The passwords aren\'t the same!')
);
$error = true;
} elseif (strlen($_REQUEST['pma_pw']) > 256) {
} elseif (strlen($_POST['pma_pw']) > 256) {
$message = Message::error(__('Password is too long!'));
$error = true;
}
@@ -98,10 +98,10 @@ public function changePassword($password, $message, array $change_password_messa
$serverType = Util::getServerType();
$serverVersion = $GLOBALS['dbi']->getVersion();
if (isset($_REQUEST['authentication_plugin'])
&& ! empty($_REQUEST['authentication_plugin'])
if (isset($_POST['authentication_plugin'])
&& ! empty($_POST['authentication_plugin'])
) {
$orig_auth_plugin = $_REQUEST['authentication_plugin'];
$orig_auth_plugin = $_POST['authentication_plugin'];
} else {
$orig_auth_plugin = Privileges::getCurrentAuthenticationPlugin(
'change', $username, $hostname
@@ -152,7 +152,7 @@ public function changePassword($password, $message, array $change_password_messa
private function changePassHashingFunction()
{
if (Core::isValid(
$_REQUEST['authentication_plugin'], 'identical', 'mysql_old_password'
$_POST['authentication_plugin'], 'identical', 'mysql_old_password'
)) {
$hashing_function = 'OLD_PASSWORD';
} else {

0 comments on commit d98b402

Please sign in to comment.
You can’t perform that action at this time.