send a 403 for followers/following if permission is denied AND there is no observer.

Mike Macgirvin 2022-12-05 05:46:33 +11:00
parent 6e52be89c3
commit 30426ffdf7
2 changed files with 13 additions and 4 deletions


@ -35,7 +35,12 @@ class Followers extends Controller
$sqlExtra = '';
if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'view_contacts')) {
$sqlExtra = ($observer_hash) ? " AND xchan_hash = '" . dbesc($observer_hash) . "' " : '';
if ($observer_hash) {
$sqlExtra = " AND xchan_hash = '" . dbesc($observer_hash) . "' ";
}
else {
http_status_exit(403, 'Permission denied');
}
}
$t = q(
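Review bot: The permission-denied branch added to Followers is repeated line for line in Following (the second file section), so the access rule for `view_contacts` now lives in two places that can drift apart; a small shared helper that either returns the `xchan_hash` filter or sends the 403 would keep it in one. In both copies `$sqlExtra = ''` (no filter) remains the default, so the full list stays protected only as long as `http_status_exit()` never returns — presumably it terminates the request, but that is not visible here. Writing the anonymous case as a guard first, `if (!$observer_hash) { http_status_exit(403, 'Permission denied'); }`, and then assigning the filter unconditionally makes that dependency obvious to the next reader. A comment such as `// denied: an identified observer may still see their own entry; anonymous requests get 403` would record the intent. The enclosing method starts and ends outside the hunk.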


@ -34,9 +34,13 @@ class Following extends Controller
$observer_hash = get_observer_hash();
$sqlExtra = '';
if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'view_contacts')) {
$sqlExtra = ($observer_hash) ? " AND xchan_hash = '" . dbesc($observer_hash) . "' " : '';
if ($observer_hash) {
$sqlExtra = " AND xchan_hash = '" . dbesc($observer_hash) . "' ";
}
else {
http_status_exit(403, 'Permission denied');
}
}
$t = q(