From f666d8a0838efec0e05fcd9ea884eb6733cea3a8 Mon Sep 17 00:00:00 2001
From: redmatrix <git@macgirvin.com>
Date: Fri, 15 Jul 2016 01:06:25 -0700
Subject: enforce non-empty name and token/password on access tokens until
 better checks are instituted.

---
 Zotlabs/Module/Settings.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

(limited to 'Zotlabs/Module/Settings.php')

diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 60c9be519..b1f6c8144 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -121,15 +121,22 @@ class Settings extends \Zotlabs\Web\Controller {
 
 		if((argc() > 1) && (argv(1) == 'tokens')) {
 			check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
-			
-			$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
-			$name = trim(escape_tags($_POST['name']));
-			$token = trim($_POST['token']);
-			if(trim($_POST['expires']))
-				$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
-			else
-				$expires = NULL_DATE;
-
+			$token_errs = 0;
+			if(array_key_exists('token',$_POST)) {
+				$atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
+				$name = trim(escape_tags($_POST['name']));
+				$token = trim($_POST['token']);
+				if((! $name) || (! $token))
+						$token_errs ++;
+				if(trim($_POST['expires']))
+					$expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
+				else
+					$expires = NULL_DATE;
+			}
+			if($token_errs) {
+				notice( t('Name and Token are required.') . EOL);
+				return;
+			}
 			if($atoken_id) {
 				$r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s' 
 					where atoken_id = %d and atoken_uid = %d",
-- 
cgit v1.2.3