Merge pull request #17 from noten-app/#16-Fix-Parameter-Security-Disi…

…mprovements 🐛 💩 Fix Parameter Security Disimprovements #16
noten-app · Sep 22, 2023 · ac54130 · ac54130
2 parents 5697a9c + 7cefa9a
commit ac54130
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 21 deletions.
diff --git a/classes/add/index.php b/classes/add/index.php
@@ -1,11 +1,5 @@
 <?php
 
-// Check if class url-parameter is given
-if (!isset($_GET["class"])) header("Location: /classes");
-$class_id = htmlspecialchars($_GET["class"]);
-// Check if class is a-z or 0-9
-if (!preg_match("/^[a-z0-9]*$/", $class_id)) header("Location: /classes");
-
 // Check login state
 require("../../res/php/session.php");
 start_session();
@@ -138,7 +132,6 @@
         <div class="class_add">
             <div>Create class <i class="fas fa-plus"></i></div>
         </div>
-        <div id="class_id" style="display: none;"><?= $class_id ?></div>
     </main>
     <script src="https://assets.noten-app.de/js/jquery/jquery-3.6.1.min.js"></script>
     <script src="https://assets.noten-app.de/js/themes/themes.js"></script>

diff --git a/homework/add/index.php b/homework/add/index.php
@@ -1,11 +1,5 @@
 <?php
 
-// Check if class url-parameter is given
-if (!isset($_GET["class"])) header("Location: /classes");
-$class_id = htmlspecialchars($_GET["class"]);
-// Check if class is a-z or 0-9
-if (!preg_match("/^[a-z0-9]*$/", $class_id)) header("Location: /classes");
-
 // Check login state
 require("../../res/php/session.php");
 start_session();
@@ -144,7 +138,6 @@
         <div class="class_add">
             <div>Add task <i class="fas fa-plus"></i></div>
         </div>
-        <div id="class_id" style="display: none;"><?= $class_id ?></div>
     </main>
     <script src="https://assets.noten-app.de/js/jquery/jquery-3.6.1.min.js"></script>
     <script src="https://assets.noten-app.de/js/themes/themes.js"></script>

diff --git a/homework/edit/index.php b/homework/edit/index.php
@@ -1,11 +1,5 @@
 <?php
 
-// Check if class url-parameter is given
-if (!isset($_GET["class"])) header("Location: /classes");
-$class_id = htmlspecialchars($_GET["class"]);
-// Check if class is a-z or 0-9
-if (!preg_match("/^[a-z0-9]*$/", $class_id)) header("Location: /classes");
-
 // Check login state
 require("../../res/php/session.php");
 start_session();
@@ -163,7 +157,6 @@
             <div id="task_mark_undone"><i class="fa-regular fa-circle-xmark"></i></div>
             <div id="task_delete"><i class="fa-solid fa-trash-can"></i></div>
         </div>
-        <div id="class_id" style="display: none;"><?= $class_id ?></div>
     </main>
     <script>
         var type = "<?= $task["type"] ?>";