Sécurité

This commit is contained in:
Yohann D'ANELLO 2020-01-22 22:18:55 +01:00
parent c64ef0646e
commit 2ee1c75d0c
3 changed files with 10 additions and 8 deletions


@ -88,7 +88,7 @@ class AttributeTeam
public function __construct($data) public function __construct($data)
{ {
$this->team_id = $data["team"]; $this->team_id = htmlspecialchars($data["team"]);
$this->team = Team::fromId($this->team_id); $this->team = Team::fromId($this->team_id);
} }
@ -148,7 +148,7 @@ class ValidatePayment
global $user; global $user;
foreach ($data as $key => $value) foreach ($data as $key => $value)
$this->$key = $value; $this->$key = htmlspecialchars($value);
$this->payment = $user->getPayment(); $this->payment = $user->getPayment();
} }
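Review bot: The loop `foreach ($data as $key => $value) $this->$key = htmlspecialchars($value);` in the ValidatePayment constructor still assigns every key the request supplies as a property of the object, so escaping the values leaves the mass-assignment exposure in place: any property name can be set from outside, and only `payment` is protected because it is overwritten on the following line. Restrict the keys before assigning, e.g. `if (!in_array($key, $allowedKeys, true)) continue;` where `$allowedKeys` lists the form fields this class expects, and pass `ENT_QUOTES` to `htmlspecialchars`, since the default on PHP versions before 8.1 leaves single quotes unescaped. Escaping at input also fixes these values to an HTML context, which is worth a comment on the loop; if `team_id` or the other fields reach a query, as `Team::fromId($this->team_id)` in the first hunk may do, `htmlspecialchars` gives no protection there and a prepared statement is still required. The same loop appears in the Pay constructor in the next file section.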


@ -36,7 +36,7 @@ class Pay {
public function __construct($data) public function __construct($data)
{ {
foreach ($data as $key => $value) foreach ($data as $key => $value)
$this->$key = $value; $this->$key = htmlspecialchars($value);
$this->method = PaymentMethod::fromName(strtoupper($this->method)); $this->method = PaymentMethod::fromName(strtoupper($this->method));
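Review bot: `htmlspecialchars($value)` on the assignment line assumes every posted value is a string; a field submitted as an array (a `name[]` input) makes the call a TypeError on PHP 8 and a warning returning null on 7.x, so guard it with `if (!is_string($value)) continue;` or cast explicitly before escaping. The constructor's body continues past the hunk, so I cannot see whether `$this->method` is checked for presence before `strtoupper($this->method)` on the next line; if it is not, a request without a `method` key reaches that call with an undefined property.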


@ -22,12 +22,14 @@ if (isset($user) && !$has_error) {
<form method="POST"> <form method="POST">
<div class="form-group row"> <div class="form-group row">
<div class="form-group col-md-12">
<label for="role">Rôle :</label> <label for="role">Rôle :</label>
<select id="role" name="role" onchange="selectRole()" class="custom-select"> <select id="role" name="role" onchange="selectRole()" class="custom-select">
<option value="participant"><?= Role::getTranslatedName(Role::PARTICIPANT) ?></option> <option value="participant"><?= Role::getTranslatedName(Role::PARTICIPANT) ?></option>
<option value="encadrant"><?= Role::getTranslatedName(Role::ENCADRANT) ?></option> <option value="encadrant"><?= Role::getTranslatedName(Role::ENCADRANT) ?></option>
</select> </select>
</div> </div>
</div>
<div class="form-row"> <div class="form-row">
<div class="form-group col-md-6"> <div class="form-group col-md-6">