Validate the existence of the required parameters when setting passwords

src/misc/results_values.php

@@ -28,6 +28,10 @@ define("OK_ACCOUNT", "OK_ACCOUNT");
 define("MISSING_PHONE_PARAM", "ERROR_PHONE_PARAMETER_NOT_FOUND");
 define("MISSING_USERNAME_PARAM", "ERROR_USERNAME_PARAMETER_NOT_FOUND");
 define("MISSING_EMAIL_PARAM", "ERROR_EMAIL_PARAMETER_NOT_FOUND");
+define("MISSING_OLD_HASH", "ERROR_OLD_HASH_NOT_FOUND");
+define("MISSING_NEW_HASH", "ERROR_NEW_HASH_NOT_FOUND");
+define("MISSING_MD5_HASH", "ERROR_MD5_HASH_NOT_FOUND");
+define("MISSING_SHA256_HASH", "ERROR_SHA256_HASH_NOT_FOUND");
 define("EMAIL_UNCHANGED", "ERROR_EMAIL_NEW_SAME_AS_OLD");
 
 /* Parameter not available because already in use */

src/xmlrpc/passwords.php

@@ -42,6 +42,10 @@ function xmlrpc_update_password($method, $args)
 
     if (!check_parameter($username)) {
         return MISSING_USERNAME_PARAM;
+    } elseif (!check_parameter($hashed_old_password, "old password")) {
+        return MISSING_OLD_HASH;
+    } elseif (!check_parameter($hashed_new_password, "md5 password")) {
+        return MISSING_NEW_HASH;
     } elseif ($algo == null) {
         return ALGO_NOT_SUPPORTED;
     }
@@ -83,6 +87,16 @@ function xmlrpc_update_passwords($method, $args)
     $sha256_hashed_password = $args[3];
     $domain = get_domain($args[4]);
 
+    if (!check_parameter($username)) {
+        return MISSING_USERNAME_PARAM;
+    } elseif (!check_parameter($hashed_password, "old password")) {
+        return MISSING_OLD_HASH;
+    } elseif (!check_parameter($md5_hashed_password, "md5 password")) {
+        return MISSING_MD5_HASH;
+    } elseif (!check_parameter($sha256_hashed_password, "sha256 password")) {
+        return MISSING_SHA256_HASH;
+    }
+
     Logger::getInstance()->message("[XMLRPC] xmlrpc_update_passwords(" . $username . ", " . $domain . ")");
 
     $database = new Database();