Skip to content

Commit abdb829

Browse files
Merge pull request #7510 from christianbeeznest/GH-7506
User: Fix mail confirmation in registration settings - refs #7506
2 parents 2659b47 + 17da7a8 commit abdb829

2 files changed

Lines changed: 28 additions & 19 deletions

File tree

Lines changed: 27 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,45 @@
11
<?php
22
/* For license terms, see /license.txt */
33

4+
use Chamilo\CoreBundle\Entity\User;
45
use Chamilo\CoreBundle\Framework\Container;
56

67
require_once __DIR__.'/../inc/global.inc.php';
78

8-
$token = $_GET['token'] ?? '';
9+
$token = (string) ($_GET['token'] ?? '');
10+
$token = trim($token);
911

10-
if (!ctype_alnum($token)) {
12+
// Allow typical tokens (alnum, "_" and "-") to avoid rejecting UUID-like tokens.
13+
if ($token === '' || !preg_match('/^[a-zA-Z0-9_-]+$/', $token)) {
1114
$token = '';
1215
}
1316

14-
/** @var \Chamilo\CoreBundle\Entity\User $user */
15-
$user = Container::getUserRepository()->findUserByConfirmationToken($token);
17+
/** @var User|null $user */
18+
$user = null;
19+
if ($token !== '') {
20+
$user = Container::getUserRepository()->findOneBy(['confirmationToken' => $token]);
21+
}
1622

1723
if ($user) {
18-
$user->setActive(1); // Set to 1 to activate the user
24+
$user->setActive(1);
1925
$user->setConfirmationToken(null);
2026

2127
Database::getManager()->persist($user);
2228
Database::getManager()->flush();
2329

24-
// See where to redirect the user to, if any redirection has been set
30+
// Default redirect
2531
$url = api_get_path(WEB_PATH);
2632

27-
if (!empty($_GET['c'])) {
28-
$courseCode = Security::remove_XSS($_GET['c']);
29-
}
30-
if (!empty($_GET['s'])) {
31-
$sessionId = (int) $_GET['s'];
33+
$courseId = !empty($_GET['c']) ? (int) $_GET['c'] : 0;
34+
$sessionId = !empty($_GET['s']) ? (int) $_GET['s'] : 0;
35+
36+
$courseCode = '';
37+
if ($courseId > 0) {
38+
$courseInfo = api_get_course_info_by_id($courseId);
39+
$courseCode = (string) ($courseInfo['code'] ?? $courseInfo['course_code'] ?? $courseInfo['directory'] ?? '');
3240
}
3341

34-
// Get URL to a course, to a session, or an empty string
42+
// Get URL to a course (in session), to a session, or empty.
3543
$courseUrl = api_get_course_url($courseCode, $sessionId);
3644
if (!empty($courseUrl)) {
3745
$url = $courseUrl;
@@ -47,12 +55,13 @@
4755
Display::addFlash(
4856
Display::return_message(get_lang('User confirmed. Now you can login the platform.'), 'success')
4957
);
58+
5059
header('Location: '.$url);
5160
exit;
52-
} else {
53-
Display::addFlash(
54-
Display::return_message(get_lang('Link expired, please try again.'))
55-
);
56-
header('Location: '.api_get_path(WEB_PATH));
57-
exit;
5861
}
62+
63+
Display::addFlash(
64+
Display::return_message(get_lang('Link expired, please try again.'))
65+
);
66+
header('Location: '.api_get_path(WEB_PATH));
67+
exit;

src/CoreBundle/Entity/User.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1275,7 +1275,7 @@ public function getConfirmationToken(): ?string
12751275
return $this->confirmationToken;
12761276
}
12771277

1278-
public function setConfirmationToken(string $confirmationToken): self
1278+
public function setConfirmationToken(?string $confirmationToken): self
12791279
{
12801280
$this->confirmationToken = $confirmationToken;
12811281

0 commit comments

Comments
 (0)