diff --git a/includes/ajaxHandler/profile.class.php b/includes/ajaxHandler/profile.class.php
index 5c6436cc..039121ae 100644
--- a/includes/ajaxHandler/profile.class.php
+++ b/includes/ajaxHandler/profile.class.php
@@ -14,6 +14,7 @@ class AjaxProfile extends AjaxHandler
 'size' => [FILTER_SANITIZE_STRING, 0xC], // FILTER_FLAG_STRIP_LOW | *_HIGH
 'guild' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']],
 'arena-team' => [FILTER_CALLBACK, ['options' => 'AjaxHandler::checkEmptySet']],
+ 'user' => [FILTER_CALLBACK, ['options' => 'AjaxProfile::checkUser']]
 );
 protected $_post = array(
@@ -714,6 +715,13 @@ class AjaxProfile extends AjaxHandler
 return null;
 }
+ protected function checkUser($val)
+ {
+ if (User::isValidName($val))
+ return $val
+
+ return null;
+ }
 }
 ?>
diff --git a/pages/profile.php b/pages/profile.php
index b596832f..1e9c4b7c 100644
--- a/pages/profile.php
+++ b/pages/profile.php
@@ -29,6 +29,9 @@ class ProfilePage extends GenericPage
 public function __construct($pageCall, $pageParam)
 {
+ if (!CFG_PROFILER_ENABLE)
+ $this->error();
+
 $params = array_map('urldecode', explode('.', $pageParam));
 if ($params[0])
 $params[0] = Profiler::urlize($params[0]);
@@ -106,6 +109,8 @@ class ProfilePage extends GenericPage
 }
 else if (($params && $params[0]) || !isset($_GET['new']))
 $this->notFound();
+ else if (isset($_GET['new']))
+ $this->mode = CACHE_TYPE_NONE;
 }
 protected function generateContent()
diff --git a/pages/sound.php b/pages/sound.php
index 9ec120e7..7bf5b4a8 100644
--- a/pages/sound.php
+++ b/pages/sound.php
@@ -31,6 +31,7 @@ class SoundPage extends GenericPage
 $this->cat = 1000;
 $this->articleUrl = 'sound&playlist';
 $this->hasComContent = false;
+ $this->mode = CACHE_TYPE_NONE;
 }
 // regular case
 else
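Review bot: The added `checkUser` in the second hunk of includes/ajaxHandler/profile.class.php has `return $val` with no terminating semicolon, so the file will not parse; the line should read `return $val;`. The first hunk registers the method as the string callable `'AjaxProfile::checkUser'`, yet it is declared as an instance method. Since it never touches `$this`, `protected static function checkUser($val)` would match how it is referenced; whether the sibling `checkEmptySet` is static is not visible here. A one-line docblock saying it returns the name unchanged when `User::isValidName()` accepts it and null otherwise would also help, because this callback is the only validation of the `user` parameter shown in these hunks.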
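Review bot: In `ProfilePage::__construct` (first hunk of pages/profile.php) the new `CFG_PROFILER_ENABLE` gate is only effective if `$this->error()` never returns. Nothing visible here shows that it exits, and if it does return, the constructor goes on to decode and process `$pageParam` with the profiler disabled. If termination is not guaranteed, follow the call with `return;`; if it is, a comment such as `// error() renders the error page and exits` makes the gate auditable. The AjaxProfile hunks in this commit show no equivalent check, so it is worth confirming the ajax endpoint is gated on the same flag. The constructor continues outside the hunk.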
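Review bot: The added `else if (isset($_GET['new']))` in the second hunk of pages/profile.php is always true when reached, because the preceding branch already takes every case where `!isset($_GET['new'])` holds. A plain `else` with a why-comment reads more clearly, for example `else // ?new: blank profile, must not be cached`. The reason for `CACHE_TYPE_NONE` is inferred from the constant's name, and the if-chain starts outside the hunk.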