[aur-dev] [PATCH] Do not allow regular users to edit all accounts
25 Jul 2014, 9:32 a.m.
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de> --- web/lib/acctfuncs.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index 943e80b..6232f83 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) { return has_credential(CRED_ACCOUNT_EDIT_DEV); } - $uid = uid_from_sid($_COOKIE['AURSID']); + $uid = $acctinfo['ID']; return has_credential(CRED_ACCOUNT_EDIT, array($uid)); } -- 2.0.2
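Review bot: On the added line `$uid = $acctinfo['ID'];` in can_edit_account(), nothing visible in the hunk checks that `$acctinfo` actually carries an `ID` key. If a caller passes the result of a failed account lookup, `$uid` is null and the outcome depends on how `has_credential(CRED_ACCOUNT_EDIT, array($uid))` treats a null entry; returning false early when `$acctinfo['ID']` is empty would make the check fail closed. The commit message could also say in one sentence why the removed line was wrong: `uid_from_sid($_COOKIE['AURSID'])` is the requester's own ID, so, assuming the second argument is the list of user IDs allowed to use the credential, the requester was always in that list, which matches the subject line. A regression test asserting that a regular user is denied on another user's account would guard against the same mistake in later permission rework.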
Participants (1): Lukas Fleischer