From 235940ad337bdc6d540581115d2b206465832d9f Mon Sep 17 00:00:00 2001
From: Pierre
Date: Sun, 15 Apr 2018 14:51:36 +0200
Subject: [PATCH] Fixed an error in a security check
---
 classes/components/UserComponent.php | 32 ++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/classes/components/UserComponent.php b/classes/components/UserComponent.php
index bc83678..0c961bd 100644
--- a/classes/components/UserComponent.php
+++ b/classes/components/UserComponent.php
@@ -284,6 +284,10 @@ class UserComponent {
         if(!$this->userAllowed($userID, $targetID))
             return FALSE;
+        //Check if the user allow posts on his page
+        if(!$this->allowPosts($targetID))
+            return FALSE;
+        //Check if the friendship of the users allow them to create posts
         if(!CS::get()->components->friends->can_post_text($userID, $targetID))
             return FALSE;
@@ -322,6 +326,34 @@ class UserComponent {
         return $result[0]["bloquecommentaire"] == 0;
     }
+    /**
+     * Check whether a user allow posts on his page or not
+     *
+     * @return bool TRUE if the psots are allowed / FALSE else
+     */
+    private function allowPosts(int $userID) : bool {
+        //Fetch the information in the database
+        $conditions = "WHERE ID = ?";
+        $condValues = array($userID);
+        $fields = array("autoriser_post_amis");
+        //Perform the request
+        $result = CS::get()->db->select(
+            self::USER_TABLE,
+            $conditions,
+            $condValues,
+            $fields
+        );
+        //Check for errors
+        if(count($result) == 0)
+            return FAlSE;
+        //Return result
+        return $result[0]["autoriser_post_amis"] == 1;
+    }
+    /**
+     * Check whether a user allow a public access over its friends list or not
+     *
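Review bot: The new `allowPosts($targetID)` guard in the first hunk also fires when `$userID` equals `$targetID`, unless the enclosing method (which starts outside the hunk) short-circuits self-posts earlier; the column it reads, `autoriser_post_amis`, names a friend-post setting, so an owner who has disabled friend posts would presumably be locked out of their own page. If that path is reachable, `if($userID !== $targetID && !$this->allowPosts($targetID))` keeps the restriction to posts by other users while leaving the deny-by-default behaviour intact. The comment above the guard would read more clearly as `//Check whether the target user allows posts on their page`. The rest of the enclosing method is outside the hunk.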
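Review bot: `return FAlSE;` in allowPosts only works because PHP resolves `false` case-insensitively; it should be `return FALSE;` to match the rest of the file. The docblock lacks `@param int $userID` and has a typo ("psots"), and the final `== 1` relies on loose comparison with whatever the driver returns, so `return (int) $result[0]["autoriser_post_amis"] === 1;` states the intent explicitly. The empty-result branch fails closed, which is the right default for an authorization check. If `db->select` can return a non-array on a query error (its contract is not visible here), `count()` on that value behaves differently across PHP versions, so `if(!is_array($result) || count($result) == 0)` would keep the deny path on errors as well.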