authorredmatrix <git@macgirvin.com>2016-07-15 01:06:25 -0700
committerredmatrix <git@macgirvin.com>2016-07-15 01:06:25 -0700
commitf666d8a0838efec0e05fcd9ea884eb6733cea3a8 (patch)
treeedc1484ede9d4c9421a08a1b1847c28ea902393a /Zotlabs
parent7ee7f00bf34b11d0427f03df9494088cf56ef9ee (diff)
enforce non-empty name and token/password on access tokens until better checks are instituted.
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Settings.php25
1 files changed, 16 insertions, 9 deletions
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 60c9be519..b1f6c8144 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -121,15 +121,22 @@ class Settings extends \Zotlabs\Web\Controller {
if((argc() > 1) && (argv(1) == 'tokens')) {
check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
-
- $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
- $name = trim(escape_tags($_POST['name']));
- $token = trim($_POST['token']);
- if(trim($_POST['expires']))
- $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
- else
- $expires = NULL_DATE;
-
+ $token_errs = 0;
+ if(array_key_exists('token',$_POST)) {
+ $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
+ $name = trim(escape_tags($_POST['name']));
+ $token = trim($_POST['token']);
+ if((! $name) || (! $token))
+ $token_errs ++;
+ if(trim($_POST['expires']))
+ $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
+ else
+ $expires = NULL_DATE;
+ }
+ if($token_errs) {
+ notice( t('Name and Token are required.') . EOL);
+ return;
+ }
if($atoken_id) {
$r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s'
where atoken_id = %d and atoken_uid = %d",