fixes - removed wildcard "strip_tags"

flatCore · Oct 18, 2021 · 647ffb5 · 647ffb5
1 parent c8fd0b5
commit 647ffb5
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 14 deletions.
diff --git a/core/search.php b/core/search.php
@@ -2,7 +2,7 @@
 
 $start_search = "true";
 
-$s = sanitizeUserInputs($s);
+$s = sanitizeUserInputs($_REQUEST['s']);
 
 if($s != '' && strlen($s) < 3) {
 	$start_search = "false";

diff --git a/core/switch.php b/core/switch.php
@@ -465,6 +465,9 @@
 /* confirm new account */
 if($p == "account") {
 
+	$user = fc_return_clean_value($_GET['user']);
+	$al = fc_return_clean_value($_GET['al']);
+
 	$verify = $db_content->update("fc_user", [
 		"user_verified" => 'verified'
 		], [

diff --git a/core/user_management.php b/core/user_management.php
@@ -6,7 +6,7 @@
 
 unset($status_msg);
 
-if($goto == 'logout') {
+if($query == 'logout') {
 	if(is_numeric($_SESSION['user_id'])) {
 		// delete data from fc_tokens
 		$db_user->delete("fc_tokens",[
@@ -53,7 +53,7 @@
 if($_SESSION['user_nick'] != "") {
 
 	$status_msg = $lang['msg_login_true'];
-	$link_logout = $fc_base_url.'?goto=logout';
+	$link_logout = $fc_base_url.'logout';
 	$link_profile = FC_INC_DIR . "/profile/";
 
 	/* user == administrator */

diff --git a/core/user_updateprofile.php b/core/user_updateprofile.php
@@ -155,24 +155,25 @@
 
 
 	// show data in form	
-	if(is_file("content/avatars/".md5($_SESSION['user_nick']) . ".png")){
+	if(is_file("content/avatars/".md5($_SESSION['user_nick']) . ".png")) {
 
 		$avatar_url = FC_INC_DIR . "/content/avatars/".md5($_SESSION['user_nick']) . ".png";
 		$smarty->assign("avatar_url","$avatar_url");
 
-		$link_avatar_delete_url = $fc_base_url.'?p=profile&delete_avatar=true';
+		$link_avatar_delete_url = $fc_base_url.'profile/';
 		$link_avatar_delete = '<a href="'.$link_avatar_delete_url.'">'.$lang['link_delete_avatar'].'</a>';
 		$link_avatar_delete_text = $lang['link_delete_avatar'];
 
 		$smarty->assign("link_avatar_delete","$link_avatar_delete",true);
 		$smarty->assign("link_avatar_delete_url","$link_avatar_delete_url",true);
 		$smarty->assign("link_avatar_delete_text","$link_avatar_delete_text",true);
-
-		if($delete_avatar == true) {
-			unlink("content/avatars/".md5($_SESSION['user_nick']) . ".png");
-			$smarty->assign("avatar_url","",true);
-			$smarty->assign("link_avatar_delete","",true);
-		}
+	}
+
+	/* delete avatar */
+	if(isset($_POST['delete_avatar'])) {
+		unlink("content/avatars/".md5($_SESSION['user_nick']) . ".png");
+		$smarty->assign("avatar_url","",true);
+		$smarty->assign("link_avatar_delete","",true);
 	}
 
 

diff --git a/styles/default/templates/profile_main.tpl b/styles/default/templates/profile_main.tpl
@@ -101,9 +101,9 @@
 			<input name="avatar" type="file" size="50">
 			<hr>
 			<div class="btn-group">
-				<input class="btn btn-success btn-small" type="submit" name="upload_avatar" value="{$lang_button_save}">
-				{if isset($link_avatar_delete_url)}
-					<a class="btn btn-danger btn-small" href="{$link_avatar_delete_url}">{$link_avatar_delete_text}</a>
+				<input class="btn btn-success btn-sm" type="submit" name="upload_avatar" value="{$lang_button_save}">
+				{if isset($avatar_url)}
+					<input class="btn btn-danger btn-sm" type="submit" name="delete_avatar" value="{$link_avatar_delete_text}">
 				{/if}
 			</div>