diff --git a/application/controllers/User.php b/application/controllers/User.php
index 81a5c0d98..f948ee3f2 100644
--- a/application/controllers/User.php
+++ b/application/controllers/User.php
@@ -1162,7 +1162,7 @@ class User extends CI_Controller {
 return false;
 }
- public function impersonate($hash = false) {
+ public function impersonate() {
 if ($this->config->item('encryption_key') == 'flossie1234555541') {
 $this->session->set_flashdata('error', __("You currently can't impersonate another user. Please change the encryption_key in the config file first!"));
@@ -1185,10 +1185,7 @@ class User extends CI_Controller {
 }
 // decrypt the hash
- $decrypted_hash = $this->encryption->decrypt(urldecode($hash));
-
- // get the user_id from the URL
- $user_id = $this->security->xss_clean($decrypted_hash);
+ $user_id = $this->encryption->decrypt(urldecode($this->input->post('hash', TRUE) ?? ''));
 // make sure the user_id is a number
 if (!is_numeric($user_id)) {
diff --git a/application/views/user/main.php b/application/views/user/main.php
index ec1edda67..9ee3f38e0 100644
--- a/application/views/user/main.php
+++ b/application/views/user/main.php
@@ -99,14 +99,17 @@ ?>
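Review bot: `impersonate()` now reads its token from the request body, but nothing in this hunk rejects a non-POST request or documents the new contract. A GET to the route would reach the decrypt call in the next hunk with an empty string and fail only at the numeric check. I would open the method with an explicit guard, `if ($this->input->method() !== 'post')`, taking the same error path the method already uses, and add a docblock such as `/** Impersonate another user; expects the encrypted user id in POST field 'hash'. */`. Whether CSRF protection covers this POST is not visible from here and is worth confirming, since the action switches the session identity. The method body continues outside this hunk.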
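Review bot: The added line still wraps the value in `urldecode()`, although PHP has already decoded the POST body. CodeIgniter's Encryption library returns base64 by default, so a second decode turns any `+` in the ciphertext into a space and those tokens fail to decrypt, unless the form (its hunk is cut off here) deliberately urlencodes the field. Passing `TRUE` also runs the XSS filter over ciphertext before decryption, which can only alter it; reading the field raw is safer: `$user_id = $this->encryption->decrypt($this->input->post('hash') ?? '');`. With `xss_clean` on the decrypted value removed, `is_numeric()` is the only validation visible, and it accepts strings like `1e3` or `12.5`; `if (!ctype_digit((string) $user_id))` is a stricter test for an integer id. The enclosing method starts and ends outside this hunk.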