Whitelist incoming account update request params (#1225)
This commit is contained in:
Alex Tselegidis
parent
0452e9543d
commit
b7833643c2
1 changed files with 28 additions and 2 deletions
|
|
@ -48,7 +48,7 @@ class Account extends EA_Controller {
|
||||||
session(['dest_url' => site_url('account')]);
|
session(['dest_url' => site_url('account')]);
|
||||||
|
|
||||||
$user_id = session('user_id');
|
$user_id = session('user_id');
|
||||||
|
|
||||||
if (cannot('view', PRIV_USER_SETTINGS))
|
if (cannot('view', PRIV_USER_SETTINGS))
|
||||||
{
|
{
|
||||||
if ($user_id)
|
if ($user_id)
|
||||||
|
|
@ -91,6 +91,32 @@ class Account extends EA_Controller {
|
||||||
|
|
||||||
$account = request('account');
|
$account = request('account');
|
||||||
|
|
||||||
|
$account['id'] = session('user_id');
|
||||||
|
|
||||||
|
$this->users_model->only($account, [
|
||||||
|
'id',
|
||||||
|
'first_name',
|
||||||
|
'last_name',
|
||||||
|
'email',
|
||||||
|
'mobile_number',
|
||||||
|
'phone_number',
|
||||||
|
'address',
|
||||||
|
'city',
|
||||||
|
'state',
|
||||||
|
'zip_code',
|
||||||
|
'notes',
|
||||||
|
'timezone',
|
||||||
|
'language',
|
||||||
|
'settings'
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->users_model->only($account['settings'], [
|
||||||
|
'username',
|
||||||
|
'password',
|
||||||
|
'notifications',
|
||||||
|
'calendar_view'
|
||||||
|
]);
|
||||||
|
|
||||||
$this->users_model->save($account);
|
$this->users_model->save($account);
|
||||||
|
|
||||||
session([
|
session([
|
||||||
|
|
@ -140,7 +166,7 @@ class Account extends EA_Controller {
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
// Check if language exists in the available languages.
|
// Check if language exists in the available languages.
|
||||||
|
|
||||||
$found = FALSE;
|
$found = FALSE;
|
||||||
|
|
||||||
foreach (config('available_languages') as $lang)
|
foreach (config('available_languages') as $lang)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue