fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-06 10:11:38 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix #2277 potentially undefined session variable

Browse source
This commit is contained in:
Kijin Sung 2024-01-20 13:27:59 +09:00
parent 07e252d2ac
commit c91e772781
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/member/member.controller.php
View file

@ -899,7 +899,7 @@ class MemberController extends Member
function procMemberModifyInfoBefore()
{
if($_SESSION['rechecked_password_step'] != 'INPUT_PASSWORD')
if (!isset($_SESSION['rechecked_password_step']) || $_SESSION['rechecked_password_step'] !== 'INPUT_PASSWORD')
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
@ -952,7 +952,7 @@ class MemberController extends Member
throw new Rhymix\Framework\Exceptions\MustLogin;
}
if($_SESSION['rechecked_password_step'] != 'INPUT_DATA')
if (!isset($_SESSION['rechecked_password_step']) || $_SESSION['rechecked_password_step'] !== 'INPUT_DATA')
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}
@ -3502,7 +3502,7 @@ class MemberController extends Member
{
if(!Context::get('is_logged')) throw new Rhymix\Framework\Exceptions\MustLogin;
if($_SESSION['rechecked_password_step'] != 'INPUT_DATA')
if (!isset($_SESSION['rechecked_password_step']) || $_SESSION['rechecked_password_step'] !== 'INPUT_DATA')
{
throw new Rhymix\Framework\Exceptions\InvalidRequest;
}

4
modules/member/member.view.php
View file

@ -432,7 +432,7 @@ class MemberView extends Member
*/
function dispMemberModifyInfo()
{
if($_SESSION['rechecked_password_step'] != 'VALIDATE_PASSWORD' && $_SESSION['rechecked_password_step'] != 'INPUT_DATA')
if (!isset($_SESSION['rechecked_password_step']) || !in_array($_SESSION['rechecked_password_step'], ['VALIDATE_PASSWORD', 'INPUT_DATA']))
{
$this->dispMemberModifyInfoBefore();
return;
@ -955,7 +955,7 @@ class MemberView extends Member
function dispMemberModifyEmailAddress()
{
if($_SESSION['rechecked_password_step'] != 'VALIDATE_PASSWORD' && $_SESSION['rechecked_password_step'] != 'INPUT_DATA')
if (!isset($_SESSION['rechecked_password_step']) || !in_array($_SESSION['rechecked_password_step'], ['VALIDATE_PASSWORD', 'INPUT_DATA']))
{
Context::set('success_return_url', getUrl('', 'mid', Context::get('mid'), 'act', 'dispMemberModifyEmailAddress'));
$this->dispMemberModifyInfoBefore();