Improvements

server/resources/ajax/ajax_change_availability.php

@@ -19,10 +19,20 @@ function generate_message($change_user, $action){
     return sprintf(t($action_string, false), $user->nameById($user->auth->getUserId()), $user_string);
 }
 
-if(!isset($_POST["change_id"]) || !isset($_POST["change_id"])){
+if(!isset($_POST["change_id"]) || !isset($_POST["change_id"]) || !is_numeric($_POST["change_id"])){
     http_response_code(400);
     echo(json_encode(["message" => t("Bad request.",false)]));
     exit();
+} else {
+    $rows = $db->select(
+        "SELECT available FROM ".DB_PREFIX."_profiles WHERE id = ?",
+        [$_POST["change_id"]]
+    );
+    if(is_null($rows) || count($rows) !== 1) {
+        http_response_code(400);
+        echo(json_encode(["message" => t("Bad request.",false)." ".t("User not exists.",false)]));
+        exit();
+    }
 }
 
 if(!$user->hasRole(Role::FULL_VIEWER) && $_POST["change_id"] !== $user->auth->getUserId()){

server/translations/en/base.php

@@ -128,5 +128,6 @@ return [
     "yes" => "yes",
     "no" => "no",
     "You are not authorized to perform this action." => "You are not authorized to perform this action.",
-    "Bad request." => "Bad request."
+    "Bad request." => "Bad request.",
+    "User not exists." => "User not exists."
 ];

server/translations/it/base.php

@@ -128,5 +128,6 @@ return [
     "yes" => "si",
     "no" => "no",
     "You are not authorized to perform this action." => "Non sei autorizzato ad eseguire questa azione.",
-    "Bad request." => "Errore nella richiesta."
+    "Bad request." => "Errore nella richiesta.",
+    "User not exists." => "L'utente non esiste."
 ];