Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2287 from int2001/user_auth_fix

Browse Source 
SecFix: Added checking for session when editing or watching profile
This commit is contained in:
Peter Goodhall
2023-07-14 12:04:38 +01:00
committed by GitHub
parent d0e8804084 9a8ab050cb
commit cfdbf29c78
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
application/controllers/User.php
View File

@@ -178,7 +178,7 @@ class User extends CI_Controller {
function edit() {
$this->load->model('user_model');
if((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
if ( ($this->session->userdata('user_id') == '') || ((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) ) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
$query = $this->user_model->get_by_id($this->uri->segment(3));
$this->load->model('bands');
@@ -494,6 +494,7 @@ class User extends CI_Controller {
function profile() {
$this->load->model('user_model');
if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
$query = $this->user_model->get_by_id($this->session->userdata('user_id'));
$q = $query->row();
$data['page_title'] = "Profile";