fix: [API] /users/edit modifications

- remove sanitised password when directly posting back a user object
- more graceful error handling if something goes critically wrong
nibbler
iglocska 2019-11-29 12:40:18 +01:00
parent d656490461
commit ca484ae1dc
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 6 additions and 1 deletions


@ -179,7 +179,11 @@ class UsersController extends AppController
// Save the data
if ($this->_isRest()) {
if (!empty($this->request->data['User']['password'])) {
$currentUser['User']['confirm_password'] = $this->request->data['User']['password'];
if ($this->request->data['User']['password'] === '****') {
unset($this->request->data['User']['password']);
} else {
$currentUser['User']['confirm_password'] = $this->request->data['User']['password'];
}
}
}
if ($this->User->save($currentUser, true, $fieldList)) {
@ -201,6 +205,7 @@ class UsersController extends AppController
}
} else {
$message = __('The profile could not be updated. Please, try again.');
$abortPost = true;
}
}
if ($abortPost) {
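Review bot: In the first hunk the `'****'` placeholder is unset from `$this->request->data['User']['password']`, but the save on the following lines writes `$currentUser`, so the unset only helps if nothing has already copied the posted fields into `$currentUser`. That earlier code is outside the hunk; if such a copy exists, the placeholder would still reach `$this->User->save()` and, depending on `$fieldList` and the model's validation, either fail the save or be stored as the password, so the branch should also do `unset($currentUser['User']['password']);`. A comment such as `// '****' is the masked password the API returns; posting it back means "leave the password unchanged"` would explain the magic string and make it clear that this literal can no longer be set as a password over REST. The enclosing action starts and ends outside both hunks, so the `$abortPost` handling added in the second hunk could not be checked against the code that follows it.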