Test for valid language file when saving user.

This commit is contained in:
Isaac Connor 2022-02-08 14:16:50 -05:00
parent b10bb9d8b0
commit 6268652520
1 changed files with 21 additions and 3 deletions

View File

@ -44,12 +44,21 @@ if ($action == 'Save') {
} else { } else {
unset($_REQUEST['newUser']['Password']); unset($_REQUEST['newUser']['Password']);
} }
if (isset($_REQUEST['newUser']['Language']) and $_REQUEST['newUser']['Language']) {
# Verify that the language file exists in the lang directory.
if (!file_exists(ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php')) {
$error_message .= 'Error setting Language. New value ' .$_REQUEST['newUser']['Language'].' not saved because '.ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php doesn\'t exist.<br/>';
ZM\Error($error_message);
unset($_REQUEST['newUser']['Language']);
unset($_REQUEST['redirect']);
}
}
$changes = $dbUser->changes($_REQUEST['newUser']); $changes = $dbUser->changes($_REQUEST['newUser']);
ZM\Debug("Changes: " . print_r($changes, true)); ZM\Debug('Changes: ' . print_r($changes, true));
if (count($changes)) { if (count($changes)) {
if (!$dbUser->save($changes)) { if (!$dbUser->save($changes)) {
$error_message = $dbUser->get_last_error(); $error_message .= $dbUser->get_last_error().'<br/>';
unset($_REQUEST['redirect']); unset($_REQUEST['redirect']);
return; return;
} }
@ -73,6 +82,15 @@ if ($action == 'Save') {
} else { } else {
unset($_REQUEST['newUser']['Password']); unset($_REQUEST['newUser']['Password']);
} }
if (isset($_REQUEST['newUser']['Language']) and $_REQUEST['newUser']['Language']) {
# Verify that the language file exists in the lang directory.
if (!file_exists(ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php')) {
$error_message .= 'Error setting Language. New value ' .$_REQUEST['newUser']['Language'].' not saved because '.ZM_PATH_WEB.'/lang/'.$_REQUEST['newUser']['Language'].'.php doesn\'t exist.<br/>';
ZM\Error($error_message);
unset($_REQUEST['newUser']['Language']);
unset($_REQUEST['redirect']);
}
}
$fields = array('Password'=>'', 'Language'=>'', 'HomeView'=>''); $fields = array('Password'=>'', 'Language'=>'', 'HomeView'=>'');
ZM\Debug("changes: ".print_r(array_intersect_key($_REQUEST['newUser'], $fields),true)); ZM\Debug("changes: ".print_r(array_intersect_key($_REQUEST['newUser'], $fields),true));
$changes = $dbUser->changes(array_intersect_key($_REQUEST['newUser'], $fields)); $changes = $dbUser->changes(array_intersect_key($_REQUEST['newUser'], $fields));
@ -80,7 +98,7 @@ if ($action == 'Save') {
if (count($changes)) { if (count($changes)) {
if (!$dbUser->save($changes)) { if (!$dbUser->save($changes)) {
$error_message = $dbUser->get_last_error(); $error_message .= $dbUser->get_last_error();
unset($_REQUEST['redirect']); unset($_REQUEST['redirect']);
return; return;
} }