Changeset 14

Show
Ignore:
Timestamp:
08/16/06 09:47:28 (4 years ago)
Author:
fabien
Message:

fixed a security bug allowing to edit other users snippets (closes #4)

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/apps/snippets/modules/snippet/actions/actions.class.php

    r7 r14  
    6161    { 
    6262      $this->snippet = SnippetSnippetPeer::retrieveByPk($this->getRequestParameter('id')); 
    63       $this->forward404Unless($this->snippet || $this->getUser()->getUserId() != $this->snippet->getSnippetUser()->getId()); 
     63      $this->forward404Unless($this->snippet && $this->getUser()->getUserId() == $this->snippet->getSnippetUser()->getId()); 
    6464    } 
    6565    else