Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

thanks to POST we can remove url_encoding and prevent issues here

Browse Source
This commit is contained in:
HB9HIL
2024-08-17 00:45:09 +02:00
parent 14433d46cb
commit 05295d1694
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
application/controllers/User.php
View File

@@ -1185,7 +1185,7 @@ class User extends CI_Controller {
}
// decrypt the hash
$user_id = $this->encryption->decrypt(urldecode($this->input->post('hash', TRUE) ?? ''));
$user_id = $this->encryption->decrypt($this->input->post('hash', TRUE) ?? '');
// make sure the user_id is a number
if (!is_numeric($user_id)) {

2
application/views/user/main.php
View File

@@ -101,7 +101,7 @@
<?php
if ($session_uid != $row->user_id) { ?>
<form action="<?php echo site_url('user/impersonate'); ?>" method="post" style="display:inline;">
<input type="hidden" name="hash" value="<?php echo urlencode($this->encryption->encrypt($row->user_id)); ?>">
<input type="hidden" name="hash" value="<?php echo $this->encryption->encrypt($row->user_id); ?>">
<button type="submit" class="btn btn-info btn-sm"><i class="fas fa-people-arrows"></i></button>
</form>
<?php }