kopia lustrzana https://github.com/magicbug/Cloudlog
Merge pull request #2287 from int2001/user_auth_fix
SecFix: Added checking for session when editing or watching profilepull/2288/head
commit
cfdbf29c78
|
@ -178,7 +178,7 @@ class User extends CI_Controller {
|
|||
|
||||
function edit() {
|
||||
$this->load->model('user_model');
|
||||
if((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
|
||||
if ( ($this->session->userdata('user_id') == '') || ((!$this->user_model->authorize(99)) && ($this->session->userdata('user_id') != $this->uri->segment(3))) ) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
|
||||
$query = $this->user_model->get_by_id($this->uri->segment(3));
|
||||
|
||||
$this->load->model('bands');
|
||||
|
@ -494,6 +494,7 @@ class User extends CI_Controller {
|
|||
|
||||
function profile() {
|
||||
$this->load->model('user_model');
|
||||
if(!$this->user_model->authorize(2)) { $this->session->set_flashdata('notice', 'You\'re not allowed to do that!'); redirect('dashboard'); }
|
||||
$query = $this->user_model->get_by_id($this->session->userdata('user_id'));
|
||||
$q = $query->row();
|
||||
$data['page_title'] = "Profile";
|
||||
|
|
Ładowanie…
Reference in New Issue