Digitalstack/myaac
2
0
Fork 0
mirror of https://github.com/slawkens/myaac.git synced 2025-10-18 11:43:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Protect against csrf in more places (accounts & guilds pages)

Browse Source
This commit is contained in:
slawkens
2025-05-24 09:52:56 +02:00
parent 72cdd290da
commit 6eda38603c
21 changed files with 43 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
system/pages/account/characters/change-comment.php
View File

@@ -20,6 +20,8 @@ if(!$logged) {
return;
}
csrfProtect();
$player = null;
$player_name = isset($_REQUEST['name']) ? stripslashes(urldecode($_REQUEST['name'])) : null;
$new_comment = isset($_POST['comment']) ? htmlspecialchars(stripslashes(substr($_POST['comment'],0,2000))) : NULL;

2
system/pages/account/characters/change-name.php
View File

@@ -17,6 +17,8 @@ if(!$logged) {
return;
}
csrfProtect();
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
$name = isset($_POST['name']) ? stripslashes(ucwords(strtolower($_POST['name']))) : NULL;
if((!setting('core.account_change_character_name')))

2
system/pages/account/characters/change-sex.php
View File

@@ -17,6 +17,8 @@ if(!$logged) {
return;
}
csrfProtect();
$sex_changed = false;
$player_id = isset($_POST['player_id']) ? (int)$_POST['player_id'] : NULL;
$new_sex = isset($_POST['new_sex']) ? (int)$_POST['new_sex'] : NULL;

2
system/pages/account/characters/create.php
View File

@@ -20,6 +20,8 @@ if(!$logged) {
return;
}
csrfProtect();
$character_name = isset($_POST['name']) ? stripslashes($_POST['name']) : null;
$character_sex = isset($_POST['sex']) ? (int)$_POST['sex'] : null;
$character_vocation = isset($_POST['vocation']) ? (int)$_POST['vocation'] : null;

2
system/pages/account/characters/delete.php
View File

@@ -17,6 +17,8 @@ if(!$logged) {
return;
}
csrfProtect();
$player_name = isset($_POST['delete_name']) ? stripslashes($_POST['delete_name']) : null;
$password_verify = isset($_POST['delete_password']) ? $_POST['delete_password'] : null;
$password_verify = encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $password_verify);