mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-29 12:49:57 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

related to #1524 Input verification

Browse source
This commit is contained in:
Matthieu Leproux 2021-10-15 14:36:05 +02:00
parent b409841e0f
commit d8862e43ac
5 changed files with 60 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

8
include/ws_functions/pwg.groups.php
View file

@ -75,6 +75,10 @@ SELECT COUNT(*)
return new PwgError(WS_ERR_INVALID_PARAM, 'This name is already used by another group.');
}
if (strlen(str_replace( " ", "", $params['name'])) == 0) {
return new PwgError(WS_ERR_INVALID_PARAM, 'Name field must not be empty');
}
// creating the group
single_insert(
GROUPS_TABLE,
@ -127,6 +131,10 @@ function ws_groups_setInfo($params, &$service)
return new PwgError(403, 'Invalid security token');
}
if (strlen(str_replace( " ", "", $params['name'])) == 0) {
return new PwgError(WS_ERR_INVALID_PARAM, 'Name field must not be empty');
}
$updates = array();
// does the group exist ?

8
include/ws_functions/pwg.users.php
View file

@ -362,6 +362,10 @@ function ws_users_add($params, &$service)
return new PwgError(403, 'Invalid security token');
}
if (strlen(str_replace( " ", "", $params['username'])) == 0) {
return new PwgError(WS_ERR_INVALID_PARAM, 'Name field must not be empty');
}
global $conf;
if ($conf['double_password_type_in_admin'])
@ -493,6 +497,10 @@ function ws_users_setInfo($params, &$service)
return new PwgError(403, 'Invalid security token');
}
if (strlen(str_replace( " ", "", $params['username'])) == 0) {
return new PwgError(WS_ERR_INVALID_PARAM, 'Name field must not be empty');
}
global $conf, $user;
include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');