beenull/OnlineNewsSite
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Resolved vulnerability where user could assign himself admin permissions or activation even without email verification

Browse source
This commit is contained in:
Roman Malosev 2024-03-29 16:06:46 +02:00
parent 474c0fba57
commit bf576d7a67
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
activities/Auth/Auth.php
View file

@ -106,7 +106,7 @@ class Auth
if ($result) {
$request['verify_token'] = $randomToken;
$request['password'] = $this->hash($request['password']);
$db->insert('users', array_keys($request), $request);
$db->insert('users', ['email', 'password', 'username', 'verify_token'], [$request['email'], $request['password'], $request['username'], $request['verify_token']]);
$this->redirect('login');
}