summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-01-13 18:20:03 +0000
committerZach Copley <zach@status.net>2010-01-14 02:41:09 +0000
commit8cdea20ac584bc08eb0e2e333934b29f69eff7c0 (patch)
treee903ecb7f166fe8f6fd8fcdcd8d1057af5a7ebc1 /actions
parentdda7a5264590b85d0fbec5574f18c162f1936ce5 (diff)
Ensure only the application's owner can edit it
Diffstat (limited to 'actions')
-rw-r--r--actions/editapplication.php15
1 files changed, 11 insertions, 4 deletions
diff --git a/actions/editapplication.php b/actions/editapplication.php
index a6db87c61..9cc3e3cea 100644
--- a/actions/editapplication.php
+++ b/actions/editapplication.php
@@ -45,9 +45,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
class EditApplicationAction extends OwnerDesignAction
{
- var $msg = null;
-
- var $app = null;
+ var $msg = null;
+ var $owner = null;
+ var $app = null;
function title()
{
@@ -68,7 +68,14 @@ class EditApplicationAction extends OwnerDesignAction
}
$id = (int)$this->arg('id');
- $this->app = Oauth_application::staticGet($id);
+
+ $this->app = Oauth_application::staticGet($id);
+ $this->owner = User::staticGet($this->app->owner);
+ $cur = common_current_user();
+
+ if ($cur->id != $this->owner->id) {
+ $this->clientError(_('You are not the owner of this application.'), 401);
+ }
if (!$this->app) {
$this->clientError(_('No such application.'));