Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

resources/uservalidationbyemail/confirm.php (1 issue)

Labels
Severity
1
<?php
2
3
elgg_signed_request_gatekeeper();
4
5
$user_guid = get_input('u', false);
6
7
// new users are not enabled by default.
8
$access_status = access_show_hidden_entities(true);
9
10
$user = get_user($user_guid);
0 ignored issues
show
It seems like $user_guid can also be of type false and string; however, parameter $guid of get_user() does only seem to accept integer, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

10
$user = get_user(/** @scrutinizer ignore-type */ $user_guid);
Loading history...
11
if (!$user) {
12
	return elgg_error_response(elgg_echo('email:confirm:fail'));
13
}
14
15
$user->setValidationStatus(true, 'email');
16
17
elgg_push_context('uservalidationbyemail_validate_user');
18
$user->enable();
19
elgg_pop_context();
20
21
try {
22
	login($user);
23
} catch (LoginException $e) {
24
	return elgg_error_response($e->getMessage());
25
}
26
27
access_show_hidden_entities($access_status);
28
29
return elgg_ok_response('', elgg_echo('email:confirm:success'));
30