mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-20 06:35:15 +00:00
send a 403 for followers/following if permission is denied AND there is no observer.
This commit is contained in:
parent
6e52be89c3
commit
30426ffdf7
2 changed files with 13 additions and 4 deletions
|
@ -35,7 +35,12 @@ class Followers extends Controller
|
|||
|
||||
$sqlExtra = '';
|
||||
if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'view_contacts')) {
|
||||
$sqlExtra = ($observer_hash) ? " AND xchan_hash = '" . dbesc($observer_hash) . "' " : '';
|
||||
if ($observer_hash) {
|
||||
$sqlExtra = " AND xchan_hash = '" . dbesc($observer_hash) . "' ";
|
||||
}
|
||||
else {
|
||||
http_status_exit(403, 'Permission denied');
|
||||
}
|
||||
}
|
||||
|
||||
$t = q(
|
||||
|
|
|
@ -34,9 +34,13 @@ class Following extends Controller
|
|||
$observer_hash = get_observer_hash();
|
||||
|
||||
$sqlExtra = '';
|
||||
|
||||
if (!perm_is_allowed($channel['channel_id'], $observer_hash, 'view_contacts')) {
|
||||
$sqlExtra = ($observer_hash) ? " AND xchan_hash = '" . dbesc($observer_hash) . "' " : '';
|
||||
if ($observer_hash) {
|
||||
$sqlExtra = " AND xchan_hash = '" . dbesc($observer_hash) . "' ";
|
||||
}
|
||||
else {
|
||||
http_status_exit(403, 'Permission denied');
|
||||
}
|
||||
}
|
||||
|
||||
$t = q(
|
||||
|
|
Loading…
Reference in a new issue