diff options
author | Michael Tänzer <neo@nhng.de> | 2014-01-15 00:06:56 +0100 |
---|---|---|
committer | Michael Tänzer <neo@nhng.de> | 2014-01-15 00:06:56 +0100 |
commit | 9064664ed906768c99529a5144ee2bdb91123804 (patch) | |
tree | 8ab022b3f21531f36be9880ca7cc0b31857e72e1 | |
parent | 7d088a2e2b1bd6ecb88bcf469c5891fc1f22a467 (diff) | |
parent | 0fcd48bf0d49724ac747f00c0990e157df64b584 (diff) | |
download | cacert-devel-9064664ed906768c99529a5144ee2bdb91123804.tar.gz cacert-devel-9064664ed906768c99529a5144ee2bdb91123804.tar.xz cacert-devel-9064664ed906768c99529a5144ee2bdb91123804.zip |
Merge remote-tracking branch 'origin/bug-1236' into release
-rw-r--r-- | includes/account.php | 44 | ||||
-rw-r--r-- | pages/account/13.php | 4 |
2 files changed, 27 insertions, 21 deletions
diff --git a/includes/account.php b/includes/account.php index f28cf49..36793f0 100644 --- a/includes/account.php +++ b/includes/account.php @@ -22,14 +22,16 @@ loadem("account"); - $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']); - $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']); - $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process']; + $id = array_key_exists("id",$_REQUEST) ? intval($_REQUEST['id']) : 0; + $oldid = array_key_exists("oldid",$_REQUEST) ? intval($_REQUEST['oldid']) : 0; + $process = array_key_exists("process",$_REQUEST) ? $_REQUEST['process'] : ""; +// $showdetalis refers to Secret Question and Answers from account/13.php + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; - $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']); - $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']); - $memid=0; if(array_key_exists('memid',$_REQUEST)) $memid=intval($_REQUEST['memid']); - $domid=0; if(array_key_exists('domid',$_REQUEST)) $domid=intval($_REQUEST['domid']); + $cert = array_key_exists('cert',$_REQUEST) ? intval($_REQUEST['cert']) : 0; + $orgid = array_key_exists('orgid',$_REQUEST) ? intval($_REQUEST['orgid']) : 0; + $memid = array_key_exists('memid',$_REQUEST) ? intval($_REQUEST['memid']) : 0; + $domid = array_key_exists('domid',$_REQUEST) ? intval($_REQUEST['domid']) : 0; if(!$_SESSION['mconn']) @@ -1205,7 +1207,7 @@ mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'"); } - if($oldid == 13 && $process != "") + if($oldid == 13 && $process != "" && $showdetails!="") { csrf_check("perschange"); $_SESSION['_config']['user'] = $_SESSION['profile']; @@ -1313,18 +1315,20 @@ where `id`='".$_SESSION['profile']['id']."'"; mysql_query($query); } - $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', - `Q2`='".$_SESSION['_config']['user']['Q2']."', - `Q3`='".$_SESSION['_config']['user']['Q3']."', - `Q4`='".$_SESSION['_config']['user']['Q4']."', - `Q5`='".$_SESSION['_config']['user']['Q5']."', - `A1`='".$_SESSION['_config']['user']['A1']."', - `A2`='".$_SESSION['_config']['user']['A2']."', - `A3`='".$_SESSION['_config']['user']['A3']."', - `A4`='".$_SESSION['_config']['user']['A4']."', - `A5`='".$_SESSION['_config']['user']['A5']."' - where `id`='".$_SESSION['profile']['id']."'"; - mysql_query($query); + if ($showdetails!="") { + $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."', + `Q2`='".$_SESSION['_config']['user']['Q2']."', + `Q3`='".$_SESSION['_config']['user']['Q3']."', + `Q4`='".$_SESSION['_config']['user']['Q4']."', + `Q5`='".$_SESSION['_config']['user']['Q5']."', + `A1`='".$_SESSION['_config']['user']['A1']."', + `A2`='".$_SESSION['_config']['user']['A2']."', + `A3`='".$_SESSION['_config']['user']['A3']."', + `A4`='".$_SESSION['_config']['user']['A4']."', + `A5`='".$_SESSION['_config']['user']['A5']."' + where `id`='".$_SESSION['profile']['id']."'"; + mysql_query($query); + } //!!!Should be rewritten $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash'])))); diff --git a/pages/account/13.php b/pages/account/13.php index 1c1cfc6..08f325d 100644 --- a/pages/account/13.php +++ b/pages/account/13.php @@ -23,7 +23,8 @@ $year = intval(substr($user['dob'], 0, 4)); $month = intval(substr($user['dob'], 5, 2)); $day = intval(substr($user['dob'], 8, 2)); - $showdetails = array_key_exists('showdetails', $_REQUEST) && !!intval($_REQUEST['showdetails']); + $showdetails = array_key_exists("showdetails",$_REQUEST) ? intval($_REQUEST['showdetails']) : 0; + if($showdetails){ $body = sprintf(_("Hi %s,"),$user['fname'])."\n\n"; $body .= _("You receive this automatic mail since you yourself or someone ". @@ -160,6 +161,7 @@ <td class="DataTD"><input type="text" name="A5" value="<?=sanitizeHTML($user['A5'])?>"></td> </tr> <tr> + <input type="hidden" name="showdetails" value="1" /> <? } ?> <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Update")?>"></td> </tr> |