Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

use POST instead of GET

Browse Source
This commit is contained in:
HB9HIL
2024-08-16 20:36:39 +02:00
parent 1601af3e7d
commit 14433d46cb
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
application/controllers/User.php
View File

@@ -1162,7 +1162,7 @@ class User extends CI_Controller {
return false;
}
public function impersonate($hash = false) {
public function impersonate() {
if ($this->config->item('encryption_key') == 'flossie1234555541') {
$this->session->set_flashdata('error', __("You currently can't impersonate another user. Please change the encryption_key in the config file first!"));
@@ -1185,10 +1185,7 @@ class User extends CI_Controller {
}
// decrypt the hash
$decrypted_hash = $this->encryption->decrypt(urldecode($hash));
// get the user_id from the URL
$user_id = $this->security->xss_clean($decrypted_hash);
$user_id = $this->encryption->decrypt(urldecode($this->input->post('hash', TRUE) ?? ''));
// make sure the user_id is a number
if (!is_numeric($user_id)) {

11
application/views/user/main.php
View File

@@ -99,14 +99,17 @@
?></td>
<td style="text-align: center; vertical-align: middle;">
<?php
if ($session_uid != $row->user_id) {
echo "<a href=" . site_url('user/impersonate') . "/" . urlencode($this->encryption->encrypt($row->user_id)) . " class=\"btn btn-info btn-sm\"><i class=\"fas fa-people-arrows\"></i></a>";
}
if ($session_uid != $row->user_id) { ?>
<form action="<?php echo site_url('user/impersonate'); ?>" method="post" style="display:inline;">
<input type="hidden" name="hash" value="<?php echo urlencode($this->encryption->encrypt($row->user_id)); ?>">
<button type="submit" class="btn btn-info btn-sm"><i class="fas fa-people-arrows"></i></button>
</form>
<?php }
?></td>
<td style="text-align: center; vertical-align: middle;">
<?php
if ($session_uid != $row->user_id) {
echo "<a href=" . site_url('user/delete') . "/" . $row->user_id . " class=\"btn btn-danger btn-sm\"><i class=\"fas fa-user-minus\"></i></a>";
echo '<a href="' . site_url('user/delete') . '/' . $row->user_id . '" class="btn btn-danger btn-sm"><i class="fas fa-user-minus"></i></a>';
}
?></td>
</td>