Drift/pvv-nixos-config
Drift
/
pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Wiki Activity

Don't allow people who don't own a project to update it

This commit is contained in:
Markus Wang Halvorsen 2018-02-26 16:26:10 +01:00
parent e60195d431
commit 9fec2d56f4
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
www/prosjekt/update.php
View File

@ -44,6 +44,15 @@ if($id == 0){
$statement->execute(); $statement->execute();
}else{ }else{
$projectManager = new \pvv\side\ProjectManager($pdo);
$owner = $projectManager->getProjectOwner($id);
if($uname != $owner['uname']){
header('Content-Type: text/plain', true, 403);
echo "Not project owner for project with ID " . $id . "\r\n";
exit();
}
$query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id'; $query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id';
$statement = $pdo->prepare($query); $statement = $pdo->prepare($query);