Fixes regarding csrf + refactor some parts of AAC (guilds + forum)

Replace $account_logged->getPlayers() with getPlayersList() $_REQUEST['todo'] -> $_REQUEST['post'] $guild_errors -> $errors
2025-10-17 19:23:27 +02:00 · 2025-05-24 11:42:42 +02:00
parent e776bd52be
commit 84d502bf10
42 changed files with 301 additions and 272 deletions
--- a/system/pages/guilds/invite.php
+++ b/system/pages/guilds/invite.php
@@ -36,7 +36,7 @@ if(empty($errors)) {
 	$rank_list->orderBy('level', POT::ORDER_DESC);
 	$guild_leader = false;
 	$guild_vice = false;
-	$account_players = $account_logged->getPlayers();
+	$account_players = $account_logged->getPlayersList();
 	foreach($account_players as $player) {
 		$player_rank = $player->getRank();
 		if($player_rank->isLoaded()) {
@@ -62,7 +62,7 @@ if(!$guild_vice) {
 	$errors[] = 'You are not a leader or vice leader of guild <b>'.$guild_name.'</b>.'.$level_in_guild;
 }

-if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 	if(!Validator::characterName($name)) {
 		$errors[] = 'Invalid name format.';
 	}
@@ -71,7 +71,7 @@ if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
 		$player = new OTS_Player();
 		$player->find($name);
 		if(!$player->isLoaded()) {
-			$errors[] = 'Player with name <b>' . $name . '</b> doesn\'t exist.';
+			$errors[] = "Player with name <b>$name</b> doesn't exist.";
 		} else if ($player->isDeleted()) {
 			$errors[] = "Character with name <b>$name</b> has been deleted.";
 		}
@@ -102,7 +102,7 @@ if(!empty($errors)) {
 	$twig->display('error_box.html.twig', array('errors' => $errors));
 }
 else {
-	if(isset($_REQUEST['todo']) && $_REQUEST['todo'] == 'save') {
+	if(isset($_POST['todo']) && $_POST['todo'] == 'save') {
 		$guild->invite($player);
 		$twig->display('success.html.twig', array(
 			'title' => 'Invite player',