Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Fix Improper Authorization Check reported by Ahsan Aziz.

Browse Source
This commit is contained in:
Laurent Destailleur
2021-07-20 22:42:23 +02:00
parent cea35bd208
commit b57eb8284e
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
htdocs/user/class/user.class.php
View File

@@ -1280,6 +1280,10 @@ class User extends CommonObject
$langs->load("errors");
$this->error = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Login"));
return -1;
} elseif (preg_match('/[,@<>"\']/', $this->login)) {
$langs->load("errors");
$this->error = $langs->trans("ErrorBadCharIntoLoginName");
return -1;
}
$this->datec = dol_now();
@@ -1669,6 +1673,10 @@ class User extends CommonObject
$langs->load("errors");
$this->error = $langs->trans("ErrorFieldRequired", 'Login');
return -1;
} elseif (preg_match('/[,@<>"\']/', $this->login)) {
$langs->load("errors");
$this->error = $langs->trans("ErrorBadCharIntoLoginName");
return -1;
}
$this->db->begin();