ynerant
/
plateforme-tfjm2
mirror of https://gitlab.com/animath/si/plateforme.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Sécurité

This commit is contained in:
Yohann D'ANELLO 2020-01-22 22:18:55 +01:00
parent c64ef0646e
commit 2ee1c75d0c
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server_files/controllers/informations.php
View File

@ -88,7 +88,7 @@ class AttributeTeam
public function __construct($data) public function __construct($data)
{ {
$this->team_id = $data["team"]; $this->team_id = htmlspecialchars($data["team"]);
$this->team = Team::fromId($this->team_id); $this->team = Team::fromId($this->team_id);
} }
@ -148,7 +148,7 @@ class ValidatePayment
global $user; global $user;
foreach ($data as $key => $value) foreach ($data as $key => $value)
$this->$key = $value; $this->$key = htmlspecialchars($value);
$this->payment = $user->getPayment(); $this->payment = $user->getPayment();
} }

2
server_files/controllers/paiement.php
View File

@ -36,7 +36,7 @@ class Pay {
public function __construct($data) public function __construct($data)
{ {
foreach ($data as $key => $value) foreach ($data as $key => $value)
$this->$key = $value; $this->$key = htmlspecialchars($value);
$this->method = PaymentMethod::fromName(strtoupper($this->method)); $this->method = PaymentMethod::fromName(strtoupper($this->method));

12
server_files/views/inscription.php
View File

@ -22,11 +22,13 @@ if (isset($user) && !$has_error) {
<form method="POST"> <form method="POST">
<div class="form-group row"> <div class="form-group row">
<label for="role">Rôle :</label> <div class="form-group col-md-12">
<select id="role" name="role" onchange="selectRole()" class="custom-select"> <label for="role">Rôle :</label>
<option value="participant"><?= Role::getTranslatedName(Role::PARTICIPANT) ?></option> <select id="role" name="role" onchange="selectRole()" class="custom-select">
<option value="encadrant"><?= Role::getTranslatedName(Role::ENCADRANT) ?></option> <option value="participant"><?= Role::getTranslatedName(Role::PARTICIPANT) ?></option>
</select> <option value="encadrant"><?= Role::getTranslatedName(Role::ENCADRANT) ?></option>
</select>
</div>
</div> </div>
<div class="form-row"> <div class="form-row">