From 944c29b96429ec95ac1371cb33cc43704a60c7b1 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 20 Nov 2018 16:02:03 +0100
Subject: Require POST for sending forms

* Ensure that the form is submitted with a post request
* Replaced several links with forms

Closes #494 (Security Vulnerability)
---
 includes/pages/user_settings.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'includes/pages/user_settings.php')

diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index f833eec5..c39c0ef7 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -204,13 +204,13 @@ function user_settings()
     }
 
     $user_source = auth()->user();
-    if ($request->has('submit')) {
+    if ($request->hasPostData('submit')) {
         $user_source = user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes);
-    } elseif ($request->has('submit_password')) {
+    } elseif ($request->hasPostData('submit_password')) {
         user_settings_password($user_source);
-    } elseif ($request->has('submit_theme')) {
+    } elseif ($request->hasPostData('submit_theme')) {
         $user_source = user_settings_theme($user_source, $themes);
-    } elseif ($request->has('submit_language')) {
+    } elseif ($request->hasPostData('submit_language')) {
         $user_source = user_settings_locale($user_source, $locales);
     }
 
-- 
cgit v1.2.3-70-g09d2