eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Ensure only the application's owner can edit it

Browse Source
This commit is contained in:
Zach Copley
2010-01-13 18:20:03 +00:00
parent dda7a52645
commit 8cdea20ac5
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
actions/editapplication.php
View File

@@ -45,9 +45,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
class EditApplicationAction extends OwnerDesignAction
{
var $msg = null;
var $app = null;
var $msg = null;
var $owner = null;
var $app = null;
function title()
{
@@ -68,7 +68,14 @@ class EditApplicationAction extends OwnerDesignAction
}
$id = (int)$this->arg('id');
$this->app = Oauth_application::staticGet($id);
$this->app = Oauth_application::staticGet($id);
$this->owner = User::staticGet($this->app->owner);
$cur = common_current_user();
if ($cur->id != $this->owner->id) {
$this->clientError(_('You are not the owner of this application.'), 401);
}
if (!$this->app) {
$this->clientError(_('No such application.'));