liquid_feedback_frontend
annotate app/main/member/_action/update_name.lua @ 224:bf735d8095aa
Fixed security related bug, security tokens were exposed through trace output.
| author | bsw |
|---|---|
| date | Tue May 17 03:23:16 2011 +0200 (2011-05-17) |
| parents | 733f65c0c0a0 |
| children | c587d8762e62 |
| rev | line source |
|---|---|
| bsw@9 | 1 local name = param.get("name") |
| bsw@9 | 2 |
| bsw@9 | 3 name = util.trim(name) |
| bsw@9 | 4 |
| bsw@75 | 5 if #name < 3 then |
| bsw@75 | 6 slot.put_into("error", _"This name is too short!") |
| bsw@75 | 7 return false |
| bsw@9 | 8 end |
| bsw@9 | 9 |
| bsw@9 | 10 app.session.member.name = name |
| bsw@9 | 11 |
| bsw@9 | 12 local db_error = app.session.member:try_save() |
| bsw@9 | 13 |
| bsw@9 | 14 if db_error then |
| bsw@9 | 15 if db_error:is_kind_of("IntegrityConstraintViolation.UniqueViolation") then |
| bsw@9 | 16 slot.put_into("error", _"This name is already taken, please choose another one!") |
| bsw@9 | 17 return false |
| bsw@9 | 18 end |
| bsw@9 | 19 db_error:escalate() |
| bsw@9 | 20 end |
| bsw@9 | 21 |
| bsw@9 | 22 slot.put_into("notice", _"Your name has been changed") |