Lanmikeman/openvk
Lanmikeman/openvk
1
1
Fork 0
mirror of https://github.com/openvk/openvk synced 2025-07-07 08:19:49 +03:00
Code Issues Projects Releases Packages Wiki Activity

Prevent everyone from changing the comment of the group owner

Browse source 
The vulnerability was there even before my commits, but I did not notice it :3
This commit is contained in:
Maxim Leshchenko 2021-11-09 14:37:30 +02:00
parent 4958988f43
commit e875a54d7b
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Web/Presenters/GroupPresenter.php
View file

@ -124,7 +124,7 @@ final class GroupPresenter extends OpenVKPresenter
if(!$user || !$club) if(!$user || !$club)
$this->notFound(); $this->notFound();
if(!$club->canBeModifiedBy($this->user->identity ?? NULL) && $club->getOwner()->getId() !== $user->getId()) if(!$club->canBeModifiedBy($this->user->identity ?? NULL))
$this->flashFail("err", "Ошибка доступа", "У вас недостаточно прав, чтобы изменять этот ресурс."); $this->flashFail("err", "Ошибка доступа", "У вас недостаточно прав, чтобы изменять этот ресурс.");
if(!is_null($hidden)) { if(!is_null($hidden)) {