github
/
phpservermon
mirror of https://github.com/phpservermon/phpservermon
1
0
Fork 0
Code Issues Releases Wiki Activity

Removed ability to edit Anonymous Users DB-Entry to prevent change of Userlvl or screwing other things up.

pull/1038/head
V3ndetta 2020-10-22 08:47:45 +02:00
parent 64be484635
commit b97d430783
No known key found for this signature in database
GPG Key ID: 08718915BE866719
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/psm/Module/User/Controller/UserController.php
View File

@ -102,7 +102,7 @@ class UserController extends AbstractController
$users = $this->db->select( $users = $this->db->select(
PSM_DB_PREFIX . 'users', PSM_DB_PREFIX . 'users',
null, 'user_id > 0',
array('user_id', 'user_name', 'level', 'name', 'mobile', 'email'), array('user_id', 'user_name', 'level', 'name', 'mobile', 'email'),
null, null,
array('name') array('name')

2
src/psm/Service/Database.php
View File

@ -435,7 +435,7 @@ class Database
} }
$query = substr($query, 0, -5); $query = substr($query, 0, -5);
} else { } else {
if (strpos($where, '=') === false) { if ((strpos($where, '=') === false ) && (strpos($where, '>') === false) && (strpos($where, '<') === false)) {
// no field given, use primary field // no field given, use primary field
$primary = $this->getPrimary($table); $primary = $this->getPrimary($table);
$query .= " WHERE `{$table}`.`{$primary}`={$this->quote($where)}"; $query .= " WHERE `{$table}`.`{$primary}`={$this->quote($where)}";