From 5c943be0213ff8f7f0af79a37e126c3e6c396017 Mon Sep 17 00:00:00 2001
From: bx khateri <bx@bxs-MacBook-Pro.local>
Date: Thu, 23 Nov 2023 15:56:59 +0100
Subject: [PATCH] edit profie

---
 edit_profile.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/edit_profile.php b/edit_profile.php
index 1481f8e..22939de 100644
--- a/edit_profile.php
+++ b/edit_profile.php
@@ -14,7 +14,7 @@ $user = NULL;
 // if logged user is admin 
 if (isset($_POST["profile_email"])) {
 
-    $logged_user = $_POST["profile_email"];
+    $logged_user = htmlspecialchars($_POST["profile_email"]);
     $user = $obj->getUserByEmail($obj, $logged_user);
 
 } else {
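Review bot: `htmlspecialchars()` on `$_POST["profile_email"]` is HTML output encoding rather than input validation, and its result is used here as the lookup key for `getUserByEmail()`, so an address containing `&` (and, on PHP 8.1+ defaults, `'`) is rewritten before the lookup and may no longer match the stored value. It also does nothing for whatever query `getUserByEmail()` runs, which is not visible here and needs bound parameters regardless. I would validate instead, e.g. `$logged_user = filter_var($_POST["profile_email"], FILTER_VALIDATE_EMAIL);` with a rejection on `false`, and call `htmlspecialchars()` only at the point where a value is echoed into HTML. The same encode-on-input pattern recurs in the `user_name`, `age` and `bio` assignments in the two later hunks, where it will store entity-encoded text and risk double encoding on display. Separately, this branch picks the account to edit purely from a posted field; the comment says admin, but no role check is visible in this hunk (the code above and the `else` branch lie outside it), so confirm one runs before this point.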
@@ -39,7 +39,7 @@ $fileSize = null;
 $fileError = null;
 
 if (isset($_POST['user_name'])) {
-    $provided_user_name = $_POST['user_name'];
+    $provided_user_name = htmlspecialchars($_POST['user_name']);
 }
 
 
@@ -51,15 +51,15 @@ if (isset($_FILES["profile_image"]["name"])) {
 }
 
 if (isset($_POST['password'])) {
-    $provided_password = $_POST['password'];
+    $provided_password = htmlspecialchars($_POST['password']);
 }
 
 if (isset($_POST['age'])) {
-    $provided_age = $_POST['age'];
+    $provided_age = htmlspecialchars($_POST['age']);
 }
 
 if (isset($_POST['bio'])) {
-    $provided_bio = $_POST['bio'];
+    $provided_bio = htmlspecialchars($_POST['bio']);
 }
 
 
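Review bot: Encoding `$_POST['password']` with `htmlspecialchars()` alters the secret before it is hashed or compared: a password containing `<`, `>`, `&` or `"` becomes a different, longer string, so accounts whose passwords include those characters can stop verifying unless every login and reset path applies the identical transformation. A password is never rendered into HTML, so it should reach the hashing step unmodified (presumably `password_hash()` / `password_verify()`, not visible here); keep `$provided_password = $_POST['password'];`. For `age`, an integer check fits better than encoding, e.g. `$provided_age = filter_var($_POST['age'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);`. How these values are stored and later displayed is outside the hunk.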
-- 
GitLab