Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge remote-tracking branch 'holman/fix-user-edit-injection' into v4.1
  • Loading branch information
petrjasek committed Jan 31, 2013
2 parents 77e2ad9 + 1ee5e12 commit 4f948ba
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
Expand Up @@ -120,11 +120,16 @@ public function deleteAction()
*/
private function getLanguage()
{
$id = $this->getRequest()->getParam('language');
$language = $this->repository->find($id);
$id = (int) $this->getRequest()->getParam('language');
if (!$id) {
$this->_helper->flashMessenger(array('error', getGS('Language id not specified')));
$this->_helper->redirector('index');
}

$language = $this->repository->findOneBy(array('id' => $id));
if (empty($language)) {
$this->_helper->flashMessenger->addMessage(getGS('Language not found.'));
$this->_forward('index');
$this->_helper->redirector('index');
}

return $language;
Expand Down
Expand Up @@ -281,7 +281,7 @@ public function editPasswordAction()
*/
protected function getUser()
{
$id = $this->_getParam('user', false);
$id = (int) $this->_getParam('user', false);
if (!$id) {
$this->_helper->flashMessenger(array('error', getGS('User id not specified')));
$this->_helper->redirector('index');
Expand Down

0 comments on commit 4f948ba

Please sign in to comment.