Fix Improper Authorization Check reported by Ahsan Aziz.

Laurent Destailleur 2021-07-20 22:42:23 +02:00
parent cea35bd208
commit b57eb8284e
2 changed files with 10 additions and 2 deletions


@ -314,8 +314,8 @@ if (empty($reshook)) {
$id = $object->create($user);
if ($id > 0) {
if (GETPOST('password')) {
$object->setPassword($user, GETPOST('password'));
if (GETPOST('password', 'none')) {
$object->setPassword($user, GETPOST('password','none'));
}
if (!empty($conf->categorie->enabled)) {
// Categories association
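Review bot: The result of `$object->setPassword(...)` is discarded in the new lines, so a failure to set the password after a successful `create()` would pass silently and leave the new account in whatever state `create()` produced. Reading the field with the `'none'` filter is appropriate for a secret, because any sanitising filter would alter the password the user typed, but it also means the raw value now reaches `setPassword()` unchanged and must never be echoed or logged on an error path. I would read it once, `$newpassword = GETPOST('password', 'none');`, pass that variable to `setPassword()`, and report an error if the call signals failure; how it signals failure is not visible here and should be confirmed against the method. The enclosing `if (empty($reshook))` block starts and ends outside the hunk.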


@ -1280,6 +1280,10 @@ class User extends CommonObject
$langs->load("errors");
$this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
return -1;
} elseif (preg_match('/[,@<>"\']/', $this->login)) {
$langs->load("errors");
$this->error = $langs->trans("ErrorBadCharIntoLoginName");
return -1;
}
$this->datec = dol_now();
@ -1669,6 +1673,10 @@ class User extends CommonObject
$langs->load("errors");
$this->error = $langs->trans("ErrorFieldRequired", 'Login');
return -1;
} elseif (preg_match('/[,@<>"\']/', $this->login)) {
$langs->load("errors");
$this->error = $langs->trans("ErrorBadCharIntoLoginName");
return -1;
}
$this->db->begin();
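Review bot: The login check `preg_match('/[,@<>"\']/', $this->login)` is a denylist copied verbatim into both hunks of the `User` class, so the two paths can drift apart, and any character not listed still passes (control characters, whitespace, `&` and backslash, for example). Holding the pattern in one place, e.g. `const LOGIN_FORBIDDEN_CHARS = '/[,@<>"\']/';` used by both checks, would keep them in step; an allowlist of permitted login characters would be more robust if the project can define one. The second hunk looks like the update path (it is followed by `$this->db->begin()`), so an account whose stored login already contains `@` or another listed character would presumably fail every later save; it is worth confirming whether such logins exist and how they are migrated. Both enclosing methods start and end outside the hunks.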