
Merge remote-tracking branch 'holman/fix-user-edit-injection' into v4.1

commit 4f948ba3afaaeb616006cbabc85906ef3254169d 2 parents 77e2ad9 + 1ee5e12
@petrjasek petrjasek authored
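--- a/newscoop/application/modules/admin/controllers/LanguagesController.php
+++ b/newscoop/application/modules/admin/controllers/LanguagesController.php
@@ -120,11 +120,16 @@ public function deleteAction()
 */
 private function getLanguage()
 {
- $id = $this->getRequest()->getParam('language');
- $language = $this->repository->find($id);
+ $id = (int) $this->getRequest()->getParam('language');
+ if (!$id) {
+ $this->_helper->flashMessenger(array('error', getGS('Language id not specified')));
+ $this->_helper->redirector('index');
+ }
+
+ $language = $this->repository->findOneBy(array('id' => $id));
 if (empty($language)) {
 $this->_helper->flashMessenger->addMessage(getGS('Language not found.'));
- $this->_forward('index');
+ $this->_helper->redirector('index');
 }
 return $language;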
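Review bot: The `(int)` cast in getLanguage() is lenient as validation: a value such as `12abc` is silently truncated to 12 and negative numbers pass the `!$id` guard, so a malformed `language` parameter can still resolve to a real record instead of being rejected. A stricter form would be `$id = filter_var($this->getRequest()->getParam('language'), FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));`, which yields false for anything that is not a positive integer and leaves the existing `if (!$id)` branch working unchanged. The same applies to the cast added in UserController::getUser(). Neither `redirector('index')` call is followed by a `return`, so the lookup and `return $language;` rely on the helper terminating the request; a `return null;` after each redirect, or a comment stating that the redirector exits, would make that explicit for configurations (tests, typically) where exiting is switched off. The function's closing brace lies outside the hunk.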
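--- a/newscoop/application/modules/admin/controllers/UserController.php
+++ b/newscoop/application/modules/admin/controllers/UserController.php
@@ -281,7 +281,7 @@ public function editPasswordAction()
 */
 protected function getUser()
 {
- $id = $this->_getParam('user', false);
+ $id = (int) $this->_getParam('user', false);
 if (!$id) {
 $this->_helper->flashMessenger(array('error', getGS('User id not specified')));
 $this->_helper->redirector('index');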
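Review bot: With the cast in place, the `false` default in `_getParam('user', false)` never reaches the `if (!$id)` test as false; it is converted to 0 first, so the default now misleads the next reader. `$id = (int) $this->_getParam('user', 0);` states the same behaviour directly. A one-line comment above it, such as `// cast: only an integer id may reach the user lookup`, would record why the cast exists, since nothing else in the hunk says it is the input-validation step. The rest of getUser(), including the lookup that presumably consumes `$id`, lies outside the hunk.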