Security: Ensure that is the current user whose data is modified

chamilo · Mar 15, 2024 · a1a1e4d · a1a1e4d
1 parent 1121aec
commit a1a1e4d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/main/auth/profile.php b/main/auth/profile.php
@@ -449,6 +449,7 @@ function show_image(image,width,height) {
 
     $wrong_current_password = false;
     $user_data = $form->getSubmitValues(1);
+    $user_data['item_id'] = api_get_user_id();
     /** @var User $user */
     $user = UserManager::getRepository()->find(api_get_user_id());