diff --git a/includes/controller/shifts_controller.php b/includes/controller/shifts_controller.php index b166feeb..e1b3866b 100644 --- a/includes/controller/shifts_controller.php +++ b/includes/controller/shifts_controller.php @@ -386,7 +386,7 @@ function shifts_json_export_controller() if ( !$request->has('key') - || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$request->input('key') || !$user ) { throw new HttpForbidden('{"error":"Missing or invalid key"}', ['content-type' => 'application/json']); diff --git a/includes/pages/user_atom.php b/includes/pages/user_atom.php index e79b3d46..e21a13c4 100644 --- a/includes/pages/user_atom.php +++ b/includes/pages/user_atom.php @@ -15,7 +15,7 @@ function user_atom() if ( !$request->has('key') - || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$request->input('key') || empty($user) ) { throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']); @@ -50,7 +50,7 @@ function make_atom_entries_from_news($news_entries) ' . config('app_name') . ' ' . $request->getHttpHost() . htmlspecialchars(preg_replace( - '#[&?]key=[a-f\d]{32}#', + '#[&?]key=[a-f\d]+#', '', $request->getRequestUri() )) diff --git a/includes/pages/user_ical.php b/includes/pages/user_ical.php index 6af4cd5d..5d7ec83a 100644 --- a/includes/pages/user_ical.php +++ b/includes/pages/user_ical.php @@ -13,7 +13,7 @@ function user_ical() if ( !$request->has('key') - || !preg_match('/^[\da-f]{32}$/', $request->input('key')) + || !$request->input('key') || !$user ) { throw new HttpForbidden('Missing or invalid key', ['content-type' => 'text/text']);