diff options
| author | redmatrix <git@macgirvin.com> | 2016-07-15 01:06:25 -0700 |
|---|---|---|
| committer | redmatrix <git@macgirvin.com> | 2016-07-15 01:06:25 -0700 |
| commit | f666d8a0838efec0e05fcd9ea884eb6733cea3a8 (patch) | |
| tree | edc1484ede9d4c9421a08a1b1847c28ea902393a /Zotlabs/Module/Settings.php | |
| parent | 7ee7f00bf34b11d0427f03df9494088cf56ef9ee (diff) | |
| download | volse-hubzilla-f666d8a0838efec0e05fcd9ea884eb6733cea3a8.tar.gz volse-hubzilla-f666d8a0838efec0e05fcd9ea884eb6733cea3a8.tar.bz2 volse-hubzilla-f666d8a0838efec0e05fcd9ea884eb6733cea3a8.zip | |
enforce non-empty name and token/password on access tokens until better checks are instituted.
Diffstat (limited to 'Zotlabs/Module/Settings.php')
| -rw-r--r-- | Zotlabs/Module/Settings.php | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 60c9be519..b1f6c8144 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -121,15 +121,22 @@ class Settings extends \Zotlabs\Web\Controller { if((argc() > 1) && (argv(1) == 'tokens')) { check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); - - $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); - $name = trim(escape_tags($_POST['name'])); - $token = trim($_POST['token']); - if(trim($_POST['expires'])) - $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); - else - $expires = NULL_DATE; - + $token_errs = 0; + if(array_key_exists('token',$_POST)) { + $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); + $name = trim(escape_tags($_POST['name'])); + $token = trim($_POST['token']); + if((! $name) || (! $token)) + $token_errs ++; + if(trim($_POST['expires'])) + $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); + else + $expires = NULL_DATE; + } + if($token_errs) { + notice( t('Name and Token are required.') . EOL); + return; + } if($atoken_id) { $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s' where atoken_id = %d and atoken_uid = %d", |