GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

disallow access to out-of-scope bookmark

Browse Source
This commit is contained in:
Evan Prodromou 2011-03-28 22:50:45 -04:00
parent 57dee164ca
commit 2856982a1c
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
plugins/Bookmark/showbookmark.php
View File

@ -76,6 +76,16 @@ class ShowbookmarkAction extends ShownoticeAction
throw new ClientException(_('No such bookmark.'), 404); throw new ClientException(_('No such bookmark.'), 404);
} }
if (!empty($cur)) {
$curProfile = $cur->getProfile();
} else {
$curProfile = null;
}
if (!$this->notice->inScope($curProfile)) {
throw new ClientException(_('Not available.'), 403);
}
$this->user = User::staticGet('id', $this->bookmark->profile_id); $this->user = User::staticGet('id', $this->bookmark->profile_id);
if (empty($this->user)) { if (empty($this->user)) {