diff options
author | Stefan Giehl <stefan@piwik.org> | 2018-10-17 00:51:33 +0300 |
---|---|---|
committer | diosmosis <diosmosis@users.noreply.github.com> | 2018-10-17 00:51:33 +0300 |
commit | b7d9f11b1a95739317fac37d7e00a474f3b9b504 (patch) | |
tree | 7cefcced03824f84f0260a0b654fb5facf21e929 | |
parent | ca34887a396dcf74e9045e5d3ca66971c970b075 (diff) |
Ensure sensitive data is sent as POST parameters in user management (#13621)
3 files changed, 10 insertions, 5 deletions
diff --git a/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js b/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js index f5bbe864ad..e8e9483935 100644 --- a/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js +++ b/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js @@ -84,7 +84,8 @@ function toggleSuperuserAccess() { vm.isSavingUserInfo = true; piwikApi.post({ - method: 'UsersManager.setSuperUserAccess', + method: 'UsersManager.setSuperUserAccess' + }, { userLogin: vm.user.login, hasSuperUserAccess: vm.user.superuser_access ? '1' : '0' }).catch(function () { @@ -114,7 +115,8 @@ function createUser() { vm.isSavingUserInfo = true; return piwikApi.post({ - method: 'UsersManager.addUser', + method: 'UsersManager.addUser' + }, { userLogin: vm.user.login, password: vm.user.password, email: vm.user.email, @@ -137,7 +139,8 @@ function updateUser() { vm.isSavingUserInfo = true; return piwikApi.post({ - method: 'UsersManager.updateUser', + method: 'UsersManager.updateUser' + }, { userLogin: vm.user.login, password: vm.isPasswordChanged ? vm.user.password : undefined, email: vm.user.email, diff --git a/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js b/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js index a527b8ec81..8af3fe206c 100644 --- a/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js +++ b/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js @@ -177,7 +177,8 @@ return getSelectedSites(); }).then(function (idSites) { return piwikApi.post({ - method: 'UsersManager.setUserAccess', + method: 'UsersManager.setUserAccess' + }, { userLogin: vm.userLogin, access: vm.roleToChangeTo, 'idSites[]': idSites diff --git a/plugins/UsersManager/angularjs/users-manager/users-manager.component.js b/plugins/UsersManager/angularjs/users-manager/users-manager.component.js index d5292174bd..ffe85ffc36 100644 --- a/plugins/UsersManager/angularjs/users-manager/users-manager.component.js +++ b/plugins/UsersManager/angularjs/users-manager/users-manager.component.js @@ -203,7 +203,8 @@ }); }).then(function (login) { return piwikApi.post({ - method: 'UsersManager.setUserAccess', + method: 'UsersManager.setUserAccess' + }, { userLogin: login, access: 'view', idSites: vm.searchParams.idSite |