[aur-dev] [PATCH] Do not allow regular users to edit all accounts
Lukas Fleischer
archlinux at cryptocrack.de
Fri Jul 25 05:32:21 EDT 2014
Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15).
Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
web/lib/acctfuncs.inc.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 943e80b..6232f83 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
return has_credential(CRED_ACCOUNT_EDIT_DEV);
}
- $uid = uid_from_sid($_COOKIE['AURSID']);
+ $uid = $acctinfo['ID'];
return has_credential(CRED_ACCOUNT_EDIT, array($uid));
}
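Review bot: on the `+` line, `$acctinfo['ID']` is passed straight into `array($uid)` with no check that the key is present or non-empty, so the result for an account row that failed to load depends entirely on how `has_credential()` treats a null entry. Consider returning false early when `$acctinfo['ID']` is not set. The commit message would also benefit from one sentence on why the removed line was wrong: it derived `$uid` from the session cookie (`uid_from_sid($_COOKIE['AURSID'])`), which is the requesting user's own id and not the id of the account being edited, so the value handed to `has_credential(CRED_ACCOUNT_EDIT, ...)` never depended on the target account. A regression test in which a regular user attempts to edit another user's account would guard against this returning.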
--
2.0.2