From 43d4b1a0ab5e3d4bd75de9c659f5aae6d4c40eee Mon Sep 17 00:00:00 2001
From: webpwnized
Date: Mon, 30 Sep 2024 14:50:21 -0400
Subject: [PATCH] 2.11.20 Adding view account profile

---
 src/view-account-profile.php | 25 +------------------------
 1 file changed, 1 insertion(+), 24 deletions(-)

diff --git a/src/view-account-profile.php b/src/view-account-profile.php
index 9200e78..d4773fb 100644
--- a/src/view-account-profile.php
+++ b/src/view-account-profile.php
@@ -3,20 +3,8 @@
 switch ($_SESSION["security-level"]){
 default: // Default case: This code is insecure
 case "0": // This code is insecure
- // DO NOTHING: This is equivalent to using client side security
- $lEnableJavaScriptValidation = false;
- $lEnableHTMLControls = false;
- $lProtectAgainstMethodTampering = false;
- $lProtectAgainstIDOR = false;
- $lProtectAgainstPasswordLeakage = false;
- $lEncodeOutput = false;
- break;
- case "1": // This code is insecure
 // DO NOTHING: This is equivalent to using client side security
- $lEnableJavaScriptValidation = true;
- $lEnableHTMLControls = true;
- $lProtectAgainstMethodTampering = false;
 $lProtectAgainstIDOR = false;
 $lProtectAgainstPasswordLeakage = false;
 $lEncodeOutput = false;
@@ -30,9 +18,6 @@
 * Concerning SQL Injection, use parameterized stored procedures. Parameterized
 * queries is not good enough. You cannot use least privilege with queries.
 */
- $lEnableJavaScriptValidation = true;
- $lEnableHTMLControls = true;
- $lProtectAgainstMethodTampering = true;
 $lProtectAgainstIDOR = true;
 $lProtectAgainstPasswordLeakage = true;
 $lEncodeOutput = true;
@@ -98,7 +83,7 @@
 }
 $lSignature = $Encoder->encodeForHTML($row->mysignature);
 }// end if
- $lAPIKey = $row->apikey; // immutable data
+ $lAPIKey = $row->api_token; // immutable data
 }
 } catch (Exception $e) {
@@ -110,14 +95,6 @@
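Review bot: On the new side of the `@@ -3,20 +3,8 @@` hunk the `case "0":` branch assigns only `$lProtectAgainstIDOR`, `$lProtectAgainstPasswordLeakage` and `$lEncodeOutput`, so `$lEnableJavaScriptValidation`, `$lEnableHTMLControls` and `$lProtectAgainstMethodTampering` are no longer set on any path of the switch that is visible here. If any later code in view-account-profile.php still tests those names (the `-110,14` hunk that presumably removes the consumers is cut off in this view), PHP raises an undefined-variable warning and the guard evaluates false — the protection is silently off rather than deliberately disabled. Either confirm every reader was removed in the same commit or keep an explicit `$lProtectAgainstMethodTampering = false;` in the insecure branch so the intent is stated in code. The surviving `// DO NOTHING: This is equivalent to using client side security` comment now describes a JavaScript/HTML-controls tier this file no longer models; `// DO NOTHING: no server-side protections are enabled at this level` matches the new code. The switch statement continues past the end of the hunk.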
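Review bot: In the `@@ -98,7 +83,7 @@` hunk the new `$lAPIKey = $row->api_token; // immutable data` line sits after `}// end if`, i.e. outside the branch in which `$lSignature` is passed through `$Encoder->encodeForHTML()`, so the token is the one profile field that reaches the page unencoded even when `$lEncodeOutput` is true (the `if` condition itself is not visible in the hunk, so that reading is inferred from the `}// end if` marker). "Immutable" only holds while the token is generated server-side; if it can ever be imported, reset from user input, or edited by an admin, this becomes an HTML injection sink, so either move the assignment inside the encoding branch or expand the comment to state why the raw value is required, e.g. `// server-generated token, rendered raw on purpose for copy-to-clipboard; never user-supplied`. Also note that an API token is a live credential, so displaying it on a profile page should be a conscious decision (masking it or requiring re-authentication are the usual mitigations), which the hunk does not record. The column rename from `apikey` to `api_token` has to match whatever the query or stored procedure actually returns, and that code is outside this hunk, as is the opening of the `try` that `} catch (Exception $e) {` closes.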