DataObjects/Core_person.php

author Alan Knowles <alan@roojs.com>

Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)

committer Alan Knowles <alan@roojs.com>

Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)
author Alan Knowles <alan@roojs.com>
Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)
committer Alan Knowles <alan@roojs.com>
Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php

index dbc3a5c..030c595 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -565,15 +565,19 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      {
          $bits = explode("/",$called);
          if (count($bits) < 4) {
-            return false;
+            return false; // unrelated.
          }
          $hash = array_pop($bits);
          $time = array_pop($bits);
+        
          $id = array_pop($bits);
+        if (!is_numeric($time) || !is_numeric($id)) {
+            return false; // wrong format.
+        }
          $u = DB_DataObject::Factory($this->tableName());
          $u->get($id);
          $url = implode("/", $bits);
-         if ($time < time()) {
+        if ($time < time()) {
              return false;
          }
          //echo serialize(array('/'.$url, $time, $u->email, $u->passwd));
author	Alan Knowles <alan@roojs.com>
	Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)
committer	Alan Knowles <alan@roojs.com>
	Thu, 17 Dec 2020 06:58:11 +0000 (14:58 +0800)