TerranQuest
/
Server
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Improve isManagerOf() error handling to prevent possible security bug

Browse Source
master
Skylar Ittner 6 years ago
parent abb306a36e
commit ce8e0fb4e3
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File

7
lib/userinfo.php
Unescape Escape View File

@ -1,4 +1,5 @@
<?php <?php
/** /**
* Get user info for the given username. * Get user info for the given username.
* @param int $u username * @param int $u username
@ -85,10 +86,10 @@ function isManagerOf($m, $e) {
$resp = json_decode($response->getBody(), TRUE); $resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['managerof']; return $resp['managerof'] === true;
} else { } else {
// this shouldn't happen, but in case it does just fake it. // this shouldn't happen, but in case it does just fake it.
return ["name" => $u, "username" => $u, "uid" => $u]; return false;
} }
} }
@ -119,4 +120,4 @@ function getManagedUIDs($manageruid) {
} else { } else {
return []; return [];
} }
} }

Write Preview
Loading…
Cancel
Save