From c9269f76aea01f3436bd3666fb7bcf0d29579984 Mon Sep 17 00:00:00 2001 From: Jason Coward Date: Wed, 27 Sep 2023 11:58:19 -0600 Subject: [PATCH] Harden security/profile/get processor (#16439) - 2.x backport of #16437 --- .../processors/security/profile/get.class.php | 187 +++++++++--------- 1 file changed, 93 insertions(+), 94 deletions(-)
diff --git a/core/model/modx/processors/security/profile/get.class.php b/core/model/modx/processors/security/profile/get.class.php
index 5a892cec3d8..c6d3bff1ab8 100644
--- a/core/model/modx/processors/security/profile/get.class.php
+++ b/core/model/modx/processors/security/profile/get.class.php
@@ -1,94 +1,93 @@ -modx->hasPermission('change_profile'); - } - - public function getLanguageTopics() { - return array('user'); - } - - public function initialize() { - $id = $this->getProperty('id'); - if (empty($id)) return $this->modx->lexicon('user_err_ns'); - $this->user = $this->modx->getObject('modUser',$id); - if (!$this->user) return $this->modx->lexicon('user_err_not_found'); - return true; - } - - public function process() { - /* if set, get groups for user */ - if ($this->getProperty('getGroups',false)) { - $this->getUserGroups(); - } - - $userArray = $this->user->toArray(); - $profile = $this->user->getOne('Profile'); - if ($profile) { - $userArray = array_merge($profile->toArray(),$userArray); - } - - $userArray['dob'] = !empty($userArray['dob']) ? strftime('%m/%d/%Y',$userArray['dob']) : ''; - $userArray['blockeduntil'] = !empty($userArray['blockeduntil']) ? strftime('%m/%d/%Y %I:%M %p',$userArray['blockeduntil']) : ''; - $userArray['blockedafter'] = !empty($userArray['blockedafter']) ? strftime('%m/%d/%Y %I:%M %p',$userArray['blockedafter']) : ''; - $userArray['lastlogin'] = !empty($userArray['lastlogin']) ? 
strftime('%m/%d/%Y',$userArray['lastlogin']) : ''; - - return $this->success('',$userArray); - } - - /** - * Get the User Groups for the user - * @return array - */ - public function getUserGroups() { - $c = $this->modx->newQuery('modUserGroupMember'); - $c->leftJoin('modUserGroupRole','UserGroupRole'); - $c->innerJoin('modUserGroup','UserGroup'); - $c->where(array( - 'member' => $this->user->get('id'), - )); - $c->select($this->modx->getSelectColumns('modUserGroupMember','modUserGroupMember')); - $c->select(array( - 'role_name' => 'UserGroupRole.name', - 'user_group_name' => 'UserGroup.name', - )); - $members = $this->modx->getCollection('modUserGroupMember',$c); - - $data = array(); - /** @var modUserGroupMember $member */ - foreach ($members as $member) { - $roleName = $member->get('role_name'); - if ($member->get('role') == 0) { $roleName = $this->modx->lexicon('none'); } - $data[] = array( - $member->get('user_group'), - $member->get('user_group_name'), - $member->get('member'), - $member->get('role'), - empty($roleName) ? '' : $roleName, - ); - } - $this->user->set('groups','(' . $this->modx->toJSON($data) . ')'); - return $data; - } -} -return 'modProfileGetProcessor'; +modx->hasPermission('change_profile'); + } + + public function getLanguageTopics() { + return array('user'); + } + + public function initialize() { + $this->user = $this->modx->user; + if (!$this->user) return $this->modx->lexicon('user_err_not_found'); + return true; + } + + public function process() { + /* if set, get groups for user */ + if ($this->getProperty('getGroups',false)) { + $this->getUserGroups(); + } + + $userArray = $this->user->toArray(); + $profile = $this->user->getOne('Profile'); + if ($profile) { + $userArray = array_merge($profile->toArray(),$userArray); + } + + $userArray['dob'] = !empty($userArray['dob']) ? strftime('%m/%d/%Y',$userArray['dob']) : ''; + $userArray['blockeduntil'] = !empty($userArray['blockeduntil']) ? 
strftime('%m/%d/%Y %I:%M %p',$userArray['blockeduntil']) : ''; + $userArray['blockedafter'] = !empty($userArray['blockedafter']) ? strftime('%m/%d/%Y %I:%M %p',$userArray['blockedafter']) : ''; + $userArray['lastlogin'] = !empty($userArray['lastlogin']) ? strftime('%m/%d/%Y',$userArray['lastlogin']) : ''; + + unset($userArray['password'], $userArray['cachepwd'], $userArray['sessionid'], $userArray['salt']); + return $this->success('',$userArray); + } + + /** + * Get the User Groups for the user + * @return array + */ + public function getUserGroups() { + $c = $this->modx->newQuery('modUserGroupMember'); + $c->leftJoin('modUserGroupRole','UserGroupRole'); + $c->innerJoin('modUserGroup','UserGroup'); + $c->where(array( + 'member' => $this->user->get('id'), + )); + $c->select($this->modx->getSelectColumns('modUserGroupMember','modUserGroupMember')); + $c->select(array( + 'role_name' => 'UserGroupRole.name', + 'user_group_name' => 'UserGroup.name', + )); + $members = $this->modx->getCollection('modUserGroupMember',$c); + + $data = array(); + /** @var modUserGroupMember $member */ + foreach ($members as $member) { + $roleName = $member->get('role_name'); + if ($member->get('role') == 0) { $roleName = $this->modx->lexicon('none'); } + $data[] = array( + $member->get('user_group'), + $member->get('user_group_name'), + $member->get('member'), + $member->get('role'), + empty($roleName) ? '' : $roleName, + ); + } + $this->user->set('groups','(' . $this->modx->toJSON($data) . ')'); + return $data; + } +} +return 'modProfileGetProcessor';
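Review bot: The `unset($userArray['password'], $userArray['cachepwd'], $userArray['sessionid'], $userArray['salt']);` added at the end of `process()` is a denylist, so every other column that `toArray()` emits for the `modUser` row and its merged `Profile` still goes to the browser, and any credential-bearing field that is not on that list (or is added to the schema later) leaks by omission. Because this processor feeds one fixed panel, projecting an allowlist is safer and self-maintaining, e.g. `$userArray = array_intersect_key($userArray, array_flip($allowedFields));` with `$allowedFields` naming only the columns the profile form actually renders. Separately, `initialize()` now binds to `$this->modx->user`; if that object can be an unsaved anonymous user (id 0) in some contexts, `!$this->user` will not reject it, so I would tighten it to `if (!$this->user || !$this->user->get('id')) return $this->modx->lexicon('user_err_not_found');`. Note also that `getUserGroups()` now calls `set('groups', ...)` on the live session user instead of a freshly loaded copy, which presumably persists for the rest of the request — worth a comment if that is intended.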