From a76aa428fa56df00678af839befd7fb420137c0a Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Mon, 12 Mar 2007 01:34:23 +0000
Subject: [PATCH] r1460: Add a few sanity checks in the mass-update system just in case

---
 search.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/search.php b/search.php
index c79c1c5..05e29a8 100644
--- a/search.php
+++ b/search.php
@@ -437,7 +437,7 @@ if ($_REQUEST['do'] == 'process')
 if ($_REQUEST['do'] == 'update')
 {
 $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = " . $bugsys->input_clean('searchid', TYPE_UINT) . " AND userid = " . $bugsys->userinfo['userid']);
- if (!$search)
+ if (!$search OR !can_perform('caneditother'))
 {
 $message->errorPermission();
 }
@@ -491,7 +491,7 @@ if ($_REQUEST['do'] == 'update')
 if ($_POST['do'] == 'doupdate')
 {
 $search = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "search WHERE searchid = " . $bugsys->input_clean('searchid', TYPE_UINT) . " AND userid = " . $bugsys->userinfo['userid']);
- if (!$search)
+ if (!$search OR !can_perform('caneditother'))
 {
 $message->errorPermission();
 }
-- 
2.22.5
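Review bot: The new `!can_perform('caneditother')` test in the `do=update` branch (and the identical one in the `do=doupdate` hunk) is a single global gate, so on its own it does not establish that the user may edit each bug the saved search returns. If permissions in this codebase can differ per product, the `doupdate` write path, which lies outside this hunk, should re-check every bug before changing it. The check also runs only after the `query_first()` lookup; placing it first as `if (!can_perform('caneditother')) { $message->errorPermission(); }` rejects unauthorised users before any database work and keeps "no such search" separate from "not allowed". Whether `errorPermission()` halts the request is not visible here; if it returns, the handler body below the `if` would still execute. Both handler blocks continue past the end of their hunks.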