Remove POST['poll'] access

213980e8 · Antonin · 16143d4a · 213980e8 · 213980e8
Commit 213980e8 authored 9 years ago by Antonin
--- a/adminstuds.php
+++ b/adminstuds.php
@@ -46,12 +46,8 @@ $inputService = new InputService();
 /* PAGE */
 /* ---- */

-if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
-    if (!empty($_POST['poll']))
-        $inputType = INPUT_POST;
-    else
-        $inputType = INPUT_GET;
-    $admin_poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+if (!empty($_GET['poll'])) {
+    $admin_poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
    if (strlen($admin_poll_id) === 24) {
        $poll_id = substr($admin_poll_id, 0, 16);
        $poll = $pollService->findById($poll_id);

--- a/studs.php
+++ b/studs.php
@@ -92,13 +92,11 @@ function sendUpdateNotification($poll, $mailService, $name, $type) {
 /* PAGE */
 /* ---- */

-if (!empty($_POST['poll']) || !empty($_GET['poll'])) {
-    if (!empty($_POST['poll']))
-        $inputType = INPUT_POST;
-    else
-        $inputType = INPUT_GET;
-    $poll_id = filter_input($inputType, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
-    $poll = $pollService->findById($poll_id);
+if (!empty($_GET['poll'])) {
+    $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
+    if (strlen($poll_id) === 16) {
+        $poll = $pollService->findById($poll_id);
+    }
 }

 if (!$poll) {