chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Adding security when editing a profile, to avoid form spoofing

Browse Source
skala
Julio Montoya 15 years ago
parent 294db28b20
commit cf1f3fe508
2 changed files with 30 additions and 14 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      main/auth/inscription.php
  2. 33
      main/auth/profile.php

11
main/auth/inscription.php
Unescape View File

@ -400,8 +400,7 @@ if ($form->validate()) {
// Added by Ivan Tcholakov, 06-MAR-2008. // Added by Ivan Tcholakov, 06-MAR-2008.
if (empty($values['official_code'])) { if (empty($values['official_code'])) {
$values['official_code'] = api_strtoupper($values['username']); $values['official_code'] = api_strtoupper($values['username']);
} }
//
// creating a new user // creating a new user
$user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri); $user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri);
@ -418,16 +417,15 @@ if ($form->validate()) {
} }
} }
} }
// Register extra fields // Register extra fields
$extras = array(); $extras = array();
foreach ($values as $key => $value) { foreach ($values as $key => $value) {
if (substr($key, 0, 6) == 'extra_') { //an extra field if (substr($key, 0, 6) == 'extra_') { //an extra field
$extras[substr($key,6)] = $value; $extras[substr($key,6)] = $value;
} else {
$sql .= " $key = '".Database::escape_string($value)."',";
} }
} }
//update the extra fields //update the extra fields
$count_extra_field = count($extras); $count_extra_field = count($extras);
if ($count_extra_field > 0) { if ($count_extra_field > 0) {
@ -464,8 +462,7 @@ if ($form->validate()) {
// if there is a default duration of a valid account then we have to change the expiration_date accordingly // if there is a default duration of a valid account then we have to change the expiration_date accordingly
if (api_get_setting('account_valid_duration') != '') { if (api_get_setting('account_valid_duration') != '') {
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." $sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET expiration_date='registration_date+1' WHERE user_id='".$user_id."'";
SET expiration_date='registration_date+1' WHERE user_id='".$user_id."'";
Database::query($sql); Database::query($sql);
} }

33
main/auth/profile.php
Unescape View File

@ -569,6 +569,7 @@ if (!empty($_SESSION['change_email'])) {
$upload_production_success = ($_SESSION['production_uploaded'] == 'success'); $upload_production_success = ($_SESSION['production_uploaded'] == 'success');
unset($_SESSION['production_uploaded']); unset($_SESSION['production_uploaded']);
} }
if ($form->validate()) { if ($form->validate()) {
@ -623,8 +624,7 @@ if ($form->validate()) {
} }
$form->removeElement('productions_list'); $form->removeElement('productions_list');
$file_deleted = true; $file_deleted = true;
} }
// upload production if a new one is provided // upload production if a new one is provided
if ($_FILES['production']['size']) { if ($_FILES['production']['size']) {
@ -649,6 +649,23 @@ if ($form->validate()) {
$user_data['openid'] = 'http://'.$my_user_openid; $user_data['openid'] = 'http://'.$my_user_openid;
} }
$extras = array(); $extras = array();
//Only update values that are request by the "profile" setting
$profile_list = api_get_setting('profile');
$available_values_to_modify = array();
foreach($profile_list as $key => $status) {
if ($status == 'true') {
if ($key == 'name') {
$available_values_to_modify[] = 'firstname';
$available_values_to_modify[] = 'lastname';
} else {
$available_values_to_modify[] = $key;
}
}
}
// build SQL query // build SQL query
$sql = "UPDATE $table_user SET"; $sql = "UPDATE $table_user SET";
unset($user_data['api_key_generate']); unset($user_data['api_key_generate']);
@ -670,24 +687,26 @@ if ($form->validate()) {
$extras[$new_key] = $value; $extras[$new_key] = $value;
} }
} else { } else {
$sql .= " $key = '".Database::escape_string($value)."',"; if (in_array($key, $available_values_to_modify)) {
$sql .= " $key = '".Database::escape_string($value)."',";
}
} }
} }
//changue email //changue email
if (isset($changeemail) && !isset($password) ) { if (isset($changeemail) && !isset($password) && in_array('email', $available_values_to_modify)) {
$sql .= " email = '".Database::escape_string($changeemail)."' "; $sql .= " email = '".Database::escape_string($changeemail)."' ";
} elseif (isset($password) && isset($changeemail)) { } elseif (isset($password) && isset($changeemail) && in_array('email', $available_values_to_modify) && in_array('password', $available_values_to_modify)) {
$sql .= " email = '".Database::escape_string($changeemail)."', "; $sql .= " email = '".Database::escape_string($changeemail)."', ";
$password = api_get_encrypted_password($password); $password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'"; $sql .= " password = '".Database::escape_string($password)."'";
} elseif (isset($password) && !isset($changeemail)) { } elseif (isset($password) && !isset($changeemail) && in_array('password', $available_values_to_modify)) {
$password = api_get_encrypted_password($password); $password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'"; $sql .= " password = '".Database::escape_string($password)."'";
} else { } else {
// remove trailing , from the query we have so far // remove trailing , from the query we have so far
$sql = rtrim($sql, ','); $sql = rtrim($sql, ',');
} }
$sql .= " WHERE user_id = '".api_get_user_id()."'"; $sql .= " WHERE user_id = '".api_get_user_id()."'";
Database::query($sql); Database::query($sql);

Write Preview
Loading…
Cancel
Save