|
|
@@ -70,15 +70,15 @@ if (isset($_SESSION['id'])) {
|
|
|
// Decrypt display username
|
|
|
if (!isset($_COOKIE['display-username-decryption-key']))
|
|
|
output(403, 'The display username decryption key has not been sent.');
|
|
|
- $decryption_result = htmlspecialchars(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
|
|
|
+ $decryption_result = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
|
|
|
$_SESSION['display-username-cyphertext'],
|
|
|
'',
|
|
|
$_SESSION['display-username-nonce'],
|
|
|
base64_decode($_COOKIE['display-username-decryption-key'])
|
|
|
- ));
|
|
|
+ );
|
|
|
if ($decryption_result === false)
|
|
|
output(403, 'Unable to decrypt display username.');
|
|
|
- define('DISPLAY_USERNAME', $decryption_result);
|
|
|
+ define('DISPLAY_USERNAME', htmlspecialchars($decryption_result));
|
|
|
|
|
|
// Enable not already enabled services for this user
|
|
|
$user_services = array_filter(explode(',', query('select', 'users', ['id' => $_SESSION['id']], 'services')[0]));
|
Miraty