From 750af75eb22b5c1f7ac85dc9f7815f32bc94ed54 Mon Sep 17 00:00:00 2001
From: PavelBegunkov <asml.Silence@gmail.com>
Date: Tue, 24 Feb 2015 17:15:03 +0300
Subject: [PATCH] HOT FIX: security breach

---
 .../application/classes/Controller/Handler/Settings.php     | 6 ++++--
 ~dev_rating/modules/account/classes/Kohana/User.php         | 5 +++--
 .../modules/account/classes/Model/Kohana/Account.php        | 1 +
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/~dev_rating/application/classes/Controller/Handler/Settings.php b/~dev_rating/application/classes/Controller/Handler/Settings.php
index 6fa77af8a..aa184f91c 100644
--- a/~dev_rating/application/classes/Controller/Handler/Settings.php
+++ b/~dev_rating/application/classes/Controller/Handler/Settings.php
@@ -100,7 +100,9 @@ class Controller_Handler_Settings extends Controller_Handler {
             $this->post
                 ->rule('semesterID', 'not_empty')
                 ->rule('semesterID', 'digit');
-            $semesterID = $this->post->offsetGet('semesterID');
-            User::instance()->SetSemester($semesterID);
+            if($this->post->check()) {
+                $semesterID = $this->post->offsetGet('semesterID');
+                User::instance()->SetSemester($semesterID);
+            }
         }
 }
\ No newline at end of file
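Review bot: When `$this->post->check()` fails, the new `if` has no `else`, so a rejected `semesterID` appears to be dropped silently: the visible lines neither return an error to the client nor log the rejection. Since this commit is labelled a security fix, rejected values are exactly what an operator wants to see. Consider adding an `else` branch that responds with a 4xx status and logs the validation errors from `$this->post->errors()`. The enclosing action starts above the hunk, so any response handling already done there is not visible here.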
diff --git a/~dev_rating/modules/account/classes/Kohana/User.php b/~dev_rating/modules/account/classes/Kohana/User.php
index 4bbb05f51..d4cfda8fd 100644
--- a/~dev_rating/modules/account/classes/Kohana/User.php
+++ b/~dev_rating/modules/account/classes/Kohana/User.php
@@ -57,8 +57,9 @@ class Kohana_User implements ArrayAccess {
     }
     
     public function SetSemester($semesterID) {
-        $this->_model->SetSemesterID($semesterID);
-        $this->_session->set("SemesterID", $semesterID);
+        $res = $this->_model->SetSemesterID($semesterID);
+        if ($res >= 0)
+            $this->_session->set("SemesterID", "$semesterID");
     }
 
     
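Review bot: The new guard `if ($res >= 0)` in `SetSemester()` treats 0 as success, while the Account.php hunk of this same commit initialises `$id = 0` before the result loop. Assuming `SetSemesterID()` returns that `$id` (its return statement is outside the visible lines), an empty result set would still write the session value. The comparison is also loose, so a `null` result passes `>= 0` as well. Consider defaulting the model to a failure value such as `$id = -1;` and testing explicitly here, e.g. `if (is_numeric($res) && (int) $res >= 0) {`, with braces around the body. The stored function's actual success convention should be confirmed first.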
diff --git a/~dev_rating/modules/account/classes/Model/Kohana/Account.php b/~dev_rating/modules/account/classes/Model/Kohana/Account.php
index a782516dc..677e86801 100644
--- a/~dev_rating/modules/account/classes/Model/Kohana/Account.php
+++ b/~dev_rating/modules/account/classes/Model/Kohana/Account.php
@@ -175,6 +175,7 @@ class Model_Kohana_Account extends Model
     {
         $sql = "SELECT `SetSemesterID`('$semesterID') AS `Num`; ";
         $res = DB::query(Database::SELECT, $sql)->execute();
+        $id = 0;
         foreach ($res as $value) {
             $id = $value['Num'];
         }
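Review bot: The context line that assigns `$sql` still interpolates `$semesterID` directly into the SELECT string, so the only protection is the `digit` rule enforced in the controller hunk. Any other caller of the public `SetSemester()` / `SetSemesterID()` would reach this query unvalidated. Bind the value at the sink instead, for example `$res = DB::query(Database::SELECT, 'SELECT SetSemesterID(:id) AS Num')->param(':id', (int) $semesterID)->execute();`. The added `$id = 0;` only avoids an undefined variable when no row comes back and does not change how the query is built. The method begins and ends outside this hunk.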
-- 
GitLab