GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Ensure only the application's owner can edit it

Browse Source
This commit is contained in:
Zach Copley
2010-01-13 18:20:03 +00:00
parent dda7a52645
commit 8cdea20ac5
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
actions/editapplication.php
View File

@@ -45,9 +45,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
class EditApplicationAction extends OwnerDesignAction class EditApplicationAction extends OwnerDesignAction
{ {
var $msg = null; var $msg = null;
var $owner = null;
var $app = null; var $app = null;
function title() function title()
{ {
@@ -68,7 +68,14 @@ class EditApplicationAction extends OwnerDesignAction
} }
$id = (int)$this->arg('id'); $id = (int)$this->arg('id');
$this->app = Oauth_application::staticGet($id);
$this->app = Oauth_application::staticGet($id);
$this->owner = User::staticGet($this->app->owner);
$cur = common_current_user();
if ($cur->id != $this->owner->id) {
$this->clientError(_('You are not the owner of this application.'), 401);
}
if (!$this->app) { if (!$this->app) {
$this->clientError(_('No such application.')); $this->clientError(_('No such application.'));