author | Zach Copley <zach@status.net> | 2010-01-13 18:20:03 +0000 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-01-14 02:41:09 +0000 |
commit | 8cdea20ac584bc08eb0e2e333934b29f69eff7c0 (patch) | |
tree | e903ecb7f166fe8f6fd8fcdcd8d1057af5a7ebc1 /actions | |
parent | dda7a5264590b85d0fbec5574f18c162f1936ce5 (diff) |
Ensure only the application's owner can edit it
Diffstat (limited to 'actions')
-rw-r--r-- | actions/editapplication.php | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/actions/editapplication.php b/actions/editapplication.php
index a6db87c61..9cc3e3cea 100644
--- a/actions/editapplication.php
+++ b/actions/editapplication.php
@@ -45,9 +45,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 class EditApplicationAction extends OwnerDesignAction
 {
-    var $msg = null;
-
-    var $app = null;
+    var $msg = null;
+    var $owner = null;
+    var $app = null;
     function title()
     {
@@ -68,7 +68,14 @@ class EditApplicationAction extends OwnerDesignAction
         }
         $id = (int)$this->arg('id');
-        $this->app = Oauth_application::staticGet($id);
+
+        $this->app = Oauth_application::staticGet($id);
+        $this->owner = User::staticGet($this->app->owner);
+        $cur = common_current_user();
+
+        if ($cur->id != $this->owner->id) {
+            $this->clientError(_('You are not the owner of this application.'), 401);
+        }
         if (!$this->app) {
             $this->clientError(_('No such application.')); |
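Review bot: In the second hunk the new ownership check dereferences `$this->app->owner` and then `$this->owner->id` before the existing `if (!$this->app)` guard runs, so an unknown or already-deleted application id now reaches `User::staticGet(null)` and a property access on a non-object instead of the intended "No such application" error, and the same happens when the owner row cannot be loaded. The existence check should move above the owner lookup, and the owner comparison should also fail closed when `$this->owner` is missing rather than comparing against `null->id`. Whether `clientError()` ends the request is not visible in this hunk; if it merely renders, each guard also needs a `return false;` so the action cannot fall through to editing. The enclosing method starts and ends outside the hunk.
```php
$this->app = Oauth_application::staticGet($id);

if (!$this->app) {
    $this->clientError(_('No such application.'));
}

$this->owner = User::staticGet($this->app->owner);
$cur = common_current_user();

// Fail closed: a missing owner record must not pass as "is the owner".
if (!$this->owner || $cur->id != $this->owner->id) {
    $this->clientError(_('You are not the owner of this application.'), 401);
}
```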