Comunic/ComunicAPI
1
0
Fork 0
mirror of https://github.com/pierre42100/ComunicAPI synced 2025-11-04 04:04:20 +00:00
Code Issues Projects Releases Wiki Activity

Fixed an error in a security check

Browse Source
This commit is contained in:
Pierre
2018-04-15 14:51:36 +02:00
parent 373aadcc96
commit 235940ad33
1 changed files with 32 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
classes/components/UserComponent.php
View File

@@ -284,6 +284,10 @@ class UserComponent {
if(!$this->userAllowed($userID, $targetID)) if(!$this->userAllowed($userID, $targetID))
return FALSE; return FALSE;
//Check if the user allow posts on his page
if(!$this->allowPosts($targetID))
return FALSE;
//Check if the friendship of the users allow them to create posts //Check if the friendship of the users allow them to create posts
if(!CS::get()->components->friends->can_post_text($userID, $targetID)) if(!CS::get()->components->friends->can_post_text($userID, $targetID))
return FALSE; return FALSE;
@@ -322,6 +326,34 @@ class UserComponent {
return $result[0]["bloquecommentaire"] == 0; return $result[0]["bloquecommentaire"] == 0;
} }
/**
* Check whether a user allow posts on his page or not
*
* @return bool TRUE if the psots are allowed / FALSE else
*/
private function allowPosts(int $userID) : bool {
//Fetch the information in the database
$conditions = "WHERE ID = ?";
$condValues = array($userID);
$fields = array("autoriser_post_amis");
//Perform the request
$result = CS::get()->db->select(
self::USER_TABLE,
$conditions,
$condValues,
$fields
);
//Check for errors
if(count($result) == 0)
return FAlSE;
//Return result
return $result[0]["autoriser_post_amis"] == 1;
}
/** /**
* Check whether a user allow a public access over its friends list or not * Check whether a user allow a public access over its friends list or not
* *