Improve isManagerOf() error handling to prevent possible security bug

master
Skylar Ittner 6 years ago
parent d749564a53
commit 112599d162

@ -90,10 +90,10 @@ function isManagerOf($m, $e) {
$resp = json_decode($response->getBody(), TRUE); $resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['managerof']; return $resp['managerof'] === true;
} else { } else {
// this shouldn't happen, but in case it does just fake it. // this shouldn't happen, but in case it does just fake it.
return ["name" => $u, "username" => $u, "uid" => $u]; return false;
} }
} }
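Review bot: The comment kept in the `else` branch ("this shouldn't happen, but in case it does just fake it") no longer matches the code, which now denies instead of faking a result; since this is the fail-closed path of an authorization check, it should say so, e.g. `// Fail closed: a non-OK or unparsable response means "not a manager".` The guard above it still uses a loose comparison on a value that may not be an array when `json_decode()` fails; `if (is_array($resp) && ($resp['status'] ?? null) === "OK") {` keeps the same outcome without relying on type juggling or on indexing null. The denial is also silent, so an upstream failure cannot be told apart from a genuine "no", and logging the non-OK case would help whoever has to investigate. The start of isManagerOf() lies outside the hunk, so whether the HTTP call itself is guarded against transport errors cannot be seen here.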

@ -82,7 +82,7 @@ function sendError($error) {
. "<h1>A fatal application error has occurred.</h1>" . "<h1>A fatal application error has occurred.</h1>"
. "<i>(This isn't your fault.)</i>" . "<i>(This isn't your fault.)</i>"
. "<h2>Details:</h2>" . "<h2>Details:</h2>"
. "<p>". htmlspecialchars($error) . "</p>"); . "<p>" . htmlspecialchars($error) . "</p>");
} }
date_default_timezone_set(TIMEZONE); date_default_timezone_set(TIMEZONE);
