goodspeed/Cloudlog
1
0
派生 0
代码 工单 合并请求 项目 版本发布 软件包 百科 动态 Actions

SecFix: Added checking for session when editing or watching profile

浏览代码
这个提交包含在:
int2001 2023-07-14 11:00:39 +00:00
父节点 d0e8804084
当前提交 9a8ab050cb
共有 1 个文件被更改,包括 2 次插入1 次删除
显示统计信息 下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

3
application/controllers/User.php
查看文件

@ -178,7 +178,7 @@ class User extends CI_Controller {
function edit() { function edit() {
$this->load->model('user_model'); $this->load->model('user_model');
if((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); } if ( ($this->session->userdata('user_id') == '') || ((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) ) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
$query = $this->user_model->get_by_id($this->uri->segment(3)); $query = $this->user_model->get_by_id($this->uri->segment(3));
$this->load->model('bands'); $this->load->model('bands');
@ -494,6 +494,7 @@ class User extends CI_Controller {
function profile() { function profile() {
$this->load->model('user_model'); $this->load->model('user_model');
if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
$query = $this->user_model->get_by_id($this->session->userdata('user_id')); $query = $this->user_model->get_by_id($this->session->userdata('user_id'));
$q = $query->row(); $q = $query->row();
$data['page_title'] = "Profile"; $data['page_title'] = "Profile";