From a76aa428fa56df00678af839befd7fb420137c0a Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Mon, 12 Mar 2007 01:34:23 +0000 Subject: [PATCH] r1460: Add a few sanity checks in the mass-update system just in case --- search.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/search.php b/search.php index c79c1c5..05e29a8 100644 --- a/search.php +++ b/search.php @@ -437,7 +437,7 @@ if ($_REQUEST['do'] == 'process') if ($_REQUEST['do'] == 'update') { $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = " . $bugsys->input_clean('searchid', TYPE_UINT) . " AND userid = " . $bugsys->userinfo['userid']); - if (!$search) + if (!$search OR !can_perform('caneditother')) { $message->errorPermission(); } @@ -491,7 +491,7 @@ if ($_REQUEST['do'] == 'update') if ($_POST['do'] == 'doupdate') { $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = " . $bugsys->input_clean('searchid', TYPE_UINT) . " AND userid = " . $bugsys->userinfo['userid']); - if (!$search) + if (!$search OR !can_perform('caneditother')) { $message->errorPermission(); } -- 2.43.5