Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

default/resources/account/change_password.php (1 issue)

<?php
/**
 * Page for resetting a forgotten password
 *
 * @package Elgg.Core
 * @subpackage Registration
 */

if (elgg_is_logged_in()) {
	forward();
}

elgg_signed_request_gatekeeper();

$user_guid = get_input('u');
$code = get_input('c');

$user = get_user($user_guid);
It seems like $user_guid can also be of type string; however, parameter $guid of get_user() does only seem to accept integer, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type annotation

$user = get_user(/** @scrutinizer ignore-type */ $user_guid);

// don't check code here to avoid automated attacks
if (!$user instanceof ElggUser) {
	register_error(elgg_echo('user:resetpassword:unknown_user'));
	forward();
}

$title = elgg_echo('changepassword');

$params = [
	'guid' => $user_guid,
	'code' => $code,
];
$content = elgg_view_form('user/changepassword', ['class' => 'elgg-form-account'], $params);

$shell = elgg_get_config('walled_garden') ? 'walled_garden' : 'default';

$body = elgg_view_layout('default', [
	'content' => $content,
	'title' => $title,
	'sidebar' => false,
]);
echo elgg_view_page($title, $body, $shell);