escape and lowercase username in all cases #577

This commit is contained in:
Andy Miller
2016-05-09 19:29:27 -06:00
parent 7535361b17
commit b0ce609c4c


@@ -252,7 +252,7 @@ class AdminController
*/
protected function taskLogin()
{
$this->data['username'] = strtolower($this->data['username']);
$this->data['username'] = strip_tags(strtolower($this->data['username']));
if ($this->admin->authenticate($this->data, $this->post)) {
// should never reach here, redirects first
} else {
@@ -472,7 +472,7 @@ class AdminController
$post = $this->post;
$data = $this->data;
$username = isset($data['username']) ? $data['username'] : '';
$username = isset($data['username']) ? strip_tags(strtolower($data['username'])) : '';
$user = !empty($username) ? User::load($username) : null;
if (!isset($this->grav['Email'])) {
@@ -562,7 +562,7 @@ class AdminController
$data = $this->data;
if (isset($data['password'])) {
$username = isset($data['username']) ? $data['username'] : null;
$username = isset($data['username']) ? strip_tags(strtolower($data['username'])) : null;
$user = !empty($username) ? User::load($username) : null;
$password = isset($data['password']) ? $data['password'] : null;
$token = isset($data['token']) ? $data['token'] : null;
@@ -1598,9 +1598,10 @@ class AdminController
public function taskContinue()
{
$data = (array) $this->data;
$username = strip_tags(strtolower($data['username']));
if ($this->view == 'users') {
$this->setRedirect("{$this->view}/{$data['username']}");
$this->setRedirect("{$this->view}/{$username}");
return true;
}
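Review bot: strip_tags() only removes HTML tags, so the username that reaches `User::load($username)` in the hunks at 472 and 562 and the redirect target built in the hunk at 1598 can still contain slashes, dots, whitespace or other characters that are not part of a valid username; the commit lowercases and de-tags but never validates. A whitelist check after the normalisation would close that gap, e.g. `if (preg_match('/^[a-z0-9_.-]+$/', $username) !== 1) { $username = ''; }` (the pattern is an example — align it with the project's actual username rules). Since the same `strip_tags(strtolower(...))` expression now appears four times, a single protected helper such as `normalizeUsername()` would keep the rule in one place. The taskLogin hunk at 252 also reads `$this->data['username']` without the isset guard the other hunks use; I can't tell from here whether that key is always present. taskContinue continues outside the hunk.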