Ensure sensitive data is sent as POST parameters in user management (#13621)

author: Stefan Giehl <stefan@piwik.org> 2018-10-17 00:51:33 +0300
committer: diosmosis <diosmosis@users.noreply.github.com> 2018-10-17 00:51:33 +0300
commit: b7d9f11b1a95739317fac37d7e00a474f3b9b504 (patch)
tree: 7cefcced03824f84f0260a0b654fb5facf21e929 /plugins/UsersManager
parent: ca34887a396dcf74e9045e5d3ca66971c970b075 (diff)
3 files changed, 10 insertions, 5 deletions
diff --git a/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js b/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js
index f5bbe864ad..e8e9483935 100644
--- a/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js
+++ b/plugins/UsersManager/angularjs/user-edit-form/user-edit-form.component.js
@@ -84,7 +84,8 @@
         function toggleSuperuserAccess() {
             vm.isSavingUserInfo = true;
             piwikApi.post({
-                method: 'UsersManager.setSuperUserAccess',
+                method: 'UsersManager.setSuperUserAccess'
+            }, {
                 userLogin: vm.user.login,
                 hasSuperUserAccess: vm.user.superuser_access ? '1' : '0'
             }).catch(function () {
@@ -114,7 +115,8 @@
         function createUser() {
             vm.isSavingUserInfo = true;
             return piwikApi.post({
-                method: 'UsersManager.addUser',
+                method: 'UsersManager.addUser'
+            }, {
                 userLogin: vm.user.login,
                 password: vm.user.password,
                 email: vm.user.email,
@@ -137,7 +139,8 @@
         function updateUser() {
             vm.isSavingUserInfo = true;
             return piwikApi.post({
-                method: 'UsersManager.updateUser',
+                method: 'UsersManager.updateUser'
+            }, {
                 userLogin: vm.user.login,
                 password: vm.isPasswordChanged ? vm.user.password : undefined,
                 email: vm.user.email,
diff --git a/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js b/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js
index a527b8ec81..8af3fe206c 100644
--- a/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js
+++ b/plugins/UsersManager/angularjs/user-permissions-edit/user-permissions-edit.component.js
@@ -177,7 +177,8 @@
                 return getSelectedSites();
             }).then(function (idSites) {
                 return piwikApi.post({
-                    method: 'UsersManager.setUserAccess',
+                    method: 'UsersManager.setUserAccess'
+                }, {
                     userLogin: vm.userLogin,
                     access: vm.roleToChangeTo,
                     'idSites[]': idSites
diff --git a/plugins/UsersManager/angularjs/users-manager/users-manager.component.js b/plugins/UsersManager/angularjs/users-manager/users-manager.component.js
index d5292174bd..ffe85ffc36 100644
--- a/plugins/UsersManager/angularjs/users-manager/users-manager.component.js
+++ b/plugins/UsersManager/angularjs/users-manager/users-manager.component.js
@@ -203,7 +203,8 @@
                 });
             }).then(function (login) {
                 return piwikApi.post({
-                    method: 'UsersManager.setUserAccess',
+                    method: 'UsersManager.setUserAccess'
+                }, {
                     userLogin: login,
                     access: 'view',
                     idSites: vm.searchParams.idSite
author	Stefan Giehl <stefan@piwik.org>	2018-10-17 00:51:33 +0300
committer	diosmosis <diosmosis@users.noreply.github.com>	2018-10-17 00:51:33 +0300
commit	b7d9f11b1a95739317fac37d7e00a474f3b9b504 (patch)
tree	7cefcced03824f84f0260a0b654fb5facf21e929 /plugins/UsersManager
parent	ca34887a396dcf74e9045e5d3ca66971c970b075 (diff)