Add some filtering on the inputs
Moc committed Jan 19, 2021
1 parent 3f05fc3 commit b0fe87f
Showing 2 changed files with 8 additions and 4 deletions.
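--- a/login.php
+++ b/login.php
@@ -64,7 +64,8 @@
 $user_id = e107::getSession('2fa')->get('user_id');
 
 // Set $totp, entered by user
-$totp = $_POST['totp']; // TODO check input for digits only
+$totp = intval($_POST['totp']);
+$totp = (string) $totp;
 
 if(!$tfa_class->processLogin($user_id, $totp))
 {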
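Review bot: The `intval()` followed by `(string)` on `$totp` strips leading zeros, so a code such as `012345` reaches `processLogin()` as `12345`; if verification compares the code as a string or checks its length (not visible here), roughly one in ten valid codes would be rejected. The round trip also turns `123456abc` into `123456` and any non-numeric input into `0` instead of rejecting it. Validating without converting keeps the digits intact: `$totp = (is_string($_POST['totp'] ?? null) && ctype_digit($_POST['totp'])) ? $_POST['totp'] : '';`. The same pattern appears in both setup.php hunks, before `processEnable()` and `processDisable()`.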
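--- a/setup.php
+++ b/setup.php
@@ -50,8 +50,10 @@
 // Setting up 2FA
 if(!$tfaActivated && isset($_POST['enter-totp-enable']))
 {
-$secret_key = $_POST['secret_key']; // TODO - add some validation?
-$totp = $_POST['totp']; // TODO - add some validation?
+$secret_key = (string) $_POST['secret_key'];
+
+$totp = intval($_POST['totp']);
+$totp = (string) $totp;
 
 if($tfa_class->processEnable(USERID, $secret_key, $totp))
 {
@@ -66,7 +68,8 @@
 
 if($tfaActivated && isset($_POST['enter-totp-disable']))
 {
-$totp = $_POST['totp']; // TODO - add some validation?
+$totp = intval($_POST['totp']);
+$totp = (string) $totp;
 
 if($tfa_class->processDisable(USERID, $totp))
 {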
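Review bot: The `(string)` cast on `$_POST['secret_key']` in the enable branch replaces the validation TODO without validating anything: any string is passed to `processEnable()` unchanged, and an array-valued field becomes the literal `Array` with a warning. If the secret is Base32, as is usual for TOTP (the format is not visible in this hunk), a type and charset check would do what the TODO asked, e.g. `if (!is_string($_POST['secret_key'] ?? null) || !preg_match('/^[A-Z2-7]+=*$/', $_POST['secret_key'])) { /* reject */ }`. Since the secret arrives from the form, it is also worth confirming that `processEnable()` does not rely on it being the value the server generated. The enclosing `if` block continues outside the hunk.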
