
Merge remote-tracking branch 'holman/fix-user-edit-injection' into v4.1

2 parents 77e2ad9 + 1ee5e12 commit 4f948ba3afaaeb616006cbabc85906ef3254169d @petrjasek petrjasek committed Jan 31, 2013
@@ -120,11 +120,16 @@ public function deleteAction()
*/
private function getLanguage()
{
- $id = $this->getRequest()->getParam('language');
- $language = $this->repository->find($id);
+ $id = (int) $this->getRequest()->getParam('language');
+ if (!$id) {
+ $this->_helper->flashMessenger(array('error', getGS('Language id not specified')));
+ $this->_helper->redirector('index');
+ }
+
+ $language = $this->repository->findOneBy(array('id' => $id));
if (empty($language)) {
$this->_helper->flashMessenger->addMessage(getGS('Language not found.'));
- $this->_forward('index');
+ $this->_helper->redirector('index');
}
return $language;
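Review bot: The `(int)` cast in getLanguage() keeps non-numeric text out of the query, but it normalises malformed input instead of rejecting it: a value such as `12abc` becomes 12, and an array-valued parameter typically casts to 1, so a bad request can resolve to a real record rather than reach the "not specified" branch. A strict check would close that gap, e.g. `$raw = $this->getRequest()->getParam('language');` followed by `$id = (is_scalar($raw) && ctype_digit((string) $raw)) ? (int) $raw : 0;`. The same applies to the cast added in getUser() in the next hunk. Also, the added guard tags its flash message with `'error'` while the not-found branch still calls `flashMessenger->addMessage(...)` untagged, so the two failures will likely render differently.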
@@ -281,7 +281,7 @@ public function editPasswordAction()
*/
protected function getUser()
{
- $id = $this->_getParam('user', false);
+ $id = (int) $this->_getParam('user', false);
if (!$id) {
$this->_helper->flashMessenger(array('error', getGS('User id not specified')));
$this->_helper->redirector('index');
