Require POST for sending forms

* Ensure that the form is submitted with a post request * Replaced several links with forms Closes #494 (Security Vulnerability)
author: Igor Scheller <igor.scheller@igorshp.de> 2018-11-20 16:02:03 +0100
committer: msquare <msquare@notrademark.de> 2018-11-21 19:24:36 +0100
commit: 944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch)
tree: 7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/pages/user_settings.php
parent: fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index f833eec5..c39c0ef7 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -204,13 +204,13 @@ function user_settings()
     }
 
     $user_source = auth()->user();
-    if ($request->has('submit')) {
+    if ($request->hasPostData('submit')) {
         $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes);
-    } elseif ($request->has('submit_password')) {
+    } elseif ($request->hasPostData('submit_password')) {
         user_settings_password($user_source);
-    } elseif ($request->has('submit_theme')) {
+    } elseif ($request->hasPostData('submit_theme')) {
         $user_source = user_settings_theme($user_source, $themes);
-    } elseif ($request->has('submit_language')) {
+    } elseif ($request->hasPostData('submit_language')) {
         $user_source = user_settings_locale($user_source, $locales);
     }
author	Igor Scheller <igor.scheller@igorshp.de>	2018-11-20 16:02:03 +0100
committer	msquare <msquare@notrademark.de>	2018-11-21 19:24:36 +0100
commit	944c29b96429ec95ac1371cb33cc43704a60c7b1 (patch)
tree	7be99e68d8c15fc7e210a4b3ccc44861a8d1de64 /includes/pages/user_settings.php
parent	fd37c9d60ea818dc9a562fa88ff5f9a50132506f (diff)