Fixed an error in a security check
@@ -284,6 +284,10 @@ class UserComponent {
|
||||
if(!$this->userAllowed($userID, $targetID))
|
||||
return FALSE;
|
||||
|
||||
//Check if the user allow posts on his page
|
||||
if(!$this->allowPosts($targetID))
|
||||
return FALSE;
|
||||
|
||||
//Check if the friendship of the users allow them to create posts
|
||||
if(!CS::get()->components->friends->can_post_text($userID, $targetID))
|
||||
return FALSE;
|
||||
@@ -322,6 +326,34 @@ class UserComponent {
|
||||
return $result[0]["bloquecommentaire"] == 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a user allow posts on his page or not
|
||||
*
|
||||
* @return bool TRUE if the psots are allowed / FALSE else
|
||||
*/
|
||||
private function allowPosts(int $userID) : bool {
|
||||
|
||||
//Fetch the information in the database
|
||||
$conditions = "WHERE ID = ?";
|
||||
$condValues = array($userID);
|
||||
$fields = array("autoriser_post_amis");
|
||||
|
||||
//Perform the request
|
||||
$result = CS::get()->db->select(
|
||||
self::USER_TABLE,
|
||||
$conditions,
|
||||
$condValues,
|
||||
$fields
|
||||
);
|
||||
|
||||
//Check for errors
|
||||
if(count($result) == 0)
|
||||
return FAlSE;
|
||||
|
||||
//Return result
|
||||
return $result[0]["autoriser_post_amis"] == 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check whether a user allow a public access over its friends list or not
|
||||
*
|
||||
|
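Review bot: The new `allowPosts($targetID)` gate in the first hunk runs for every caller that reaches it, so unless the code above the hunk already returns when `$userID == $targetID`, an owner who disables `autoriser_post_amis` would presumably also be refused on their own page; the enclosing function starts and ends outside the hunk, so this needs confirming there. In `allowPosts()` the empty-result branch denies by default, which is the right direction for an access check, but it is spelled `return FAlSE;`; PHP resolves that case-insensitively, yet it should read `return FALSE;` like the other returns in this diff. The final test would be less dependent on how the database layer types the column if written as `return (int) $result[0]["autoriser_post_amis"] === 1;`. The docblock is missing `@param int $userID The ID of the user whose page is targeted` and has the typo "psots".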