Fixed an error in a security check

2024-11-23 13:59:29 +00:00 · 2018-04-15 14:51:36 +02:00 · 2018-04-15 14:51:36 +02:00 · 235940ad33
commit 235940ad33
parent 373aadcc96
1 changed files with 32 additions and 0 deletions
--- a/classes/components/UserComponent.php
+++ b/classes/components/UserComponent.php
@ -284,6 +284,10 @@ class UserComponent {
 		if(!$this->userAllowed($userID, $targetID))
 			return FALSE;
 		
+		//Check if the user allow posts on his page
+		if(!$this->allowPosts($targetID))
+			return FALSE;
+
 		//Check if the friendship of the users allow them to create posts
 		if(!CS::get()->components->friends->can_post_text($userID, $targetID))
 			return FALSE;
@ -322,6 +326,34 @@ class UserComponent {
 		return $result[0]["bloquecommentaire"] == 0;
 	}

+	/**
+	 * Check whether a user allow posts on his page or not
+	 * 
+	 * @return bool TRUE if the psots are allowed / FALSE else
+	 */
+	private function allowPosts(int $userID) : bool {
+
+		//Fetch the information in the database
+		$conditions = "WHERE ID = ?";
+		$condValues = array($userID);
+		$fields = array("autoriser_post_amis");
+
+		//Perform the request
+		$result = CS::get()->db->select(
+			self::USER_TABLE,
+			$conditions,
+			$condValues,
+			$fields
+		);
+
+		//Check for errors
+		if(count($result) == 0)
+			return FAlSE;
+
+		//Return result
+		return $result[0]["autoriser_post_amis"] == 1;
+	}
+
 	/**
 	 * Check whether a user allow a public access over its friends list or not
 	 *