prevent elevate privileges with JWT claims

HadleySo
2026-03-18 22:53:31 -05:00
parent 6ec147bc83
commit 84de1bf912


@@ -765,6 +765,10 @@ class User_Model extends CI_Model {
// FUNCTION: update specific user fields from SSO claims (bypass privilege check, used during login flow)
function update_sso_claims(int $user_id, array $fields): void {
// Cannot modify the following
$blocked = ['user_type', 'user_password', 'clubstation', 'external_account', 'login_attempts', 'created_at', 'modified_at', 'last_modified', 'last_seen', 'reset_password_date', 'reset_password_code'];
$fields = array_diff_key($fields, array_flip($blocked));
$this->db->where('user_id', $user_id);
$this->db->update('users', $fields);
}
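Review bot: The `$blocked` list in update_sso_claims is a denylist, so any column not named in it, including `user_id` itself and any column added to `users` later, can still be written from SSO claims. The filter is also an exact, case-sensitive key match via `array_diff_key`, which may not line up with how the database compares column names; the hunk does not show whether callers pass claim-derived keys, so that needs confirming. An allowlist is the safer shape: `$fields = array_intersect_key($fields, array_flip($allowed));` with `$allowed` naming only the profile columns SSO is meant to sync. It is also worth returning early when nothing is left (`if (empty($fields)) { return; }`), since an update with an empty set fails in the query builder rather than being a no-op during login.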