external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not allow regular users to edit all accounts

Browse source 
Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15).

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-07-25 11:24:53 +02:00
parent 7df8dc8bcb
commit 34aa226c66
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
web/lib/acctfuncs.inc.php
View file

@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
return has_credential(CRED_ACCOUNT_EDIT_DEV); return has_credential(CRED_ACCOUNT_EDIT_DEV);
} }
$uid = uid_from_sid($_COOKIE['AURSID']); $uid = $acctinfo['ID'];
return has_credential(CRED_ACCOUNT_EDIT, array($uid)); return has_credential(CRED_ACCOUNT_EDIT, array($uid));
} }