From 772fcfa7f52628dd4ba3bbce3d368651e8dca2c9 Mon Sep 17 00:00:00 2001
From: Daku
Date: Tue, 24 Jan 2012 16:22:47 +0000
Subject: [PATCH] checks if user is owner of pool before deleting
---
 contrib/pools/main.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/contrib/pools/main.php b/contrib/pools/main.php
index d006c8c6..a679f222 100644
--- a/contrib/pools/main.php
+++ b/contrib/pools/main.php
@@ -550,12 +550,12 @@ class Pools extends SimpleExtension {
 private function nuke_pool($poolID) {
 global $user, $database;
+ $p_id = $database->get_one("SELECT user_id FROM pools WHERE id = :pid", array("pid"=>$poolID));
 if($user->is_admin()) {
 $database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID));
 $database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID));
 $database->execute("DELETE FROM pools WHERE id = :pid", array("pid"=>$poolID));
- } elseif(!$user->is_anonymous()) {
- // FIXME: WE CHECK IF THE USER IS THE OWNER OF THE POOL IF NOT HE CAN'T DO ANYTHING
+ } elseif($user->id == $p_id) {
 $database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID));
 $database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID));
 $database->execute("DELETE FROM pools WHERE id = :pid AND user_id = :uid", array("pid"=>$poolID, "uid"=>$user->id));
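Review bot: The new owner test `} elseif($user->id == $p_id) {` replaces the `!$user->is_anonymous()` guard instead of adding to it, and it compares loosely against whatever `get_one` returns. The hunk does not show what `get_one` yields for a missing pool or whether the shared anonymous account can own one, but in either case a loose `==` could let the unscoped `pool_history` and `pool_images` deletes run for a caller who is not the owner. Keeping the old guard and comparing as integers only when a row was found would close both gaps: `} elseif(!$user->is_anonymous() && is_numeric($p_id) && (int)$p_id === (int)$user->id) {`. The admin and owner branches now run the same three deletes, so they could share one body once the condition is settled. The rest of `nuke_pool` lies outside the hunk, so how a refused delete is reported to the caller cannot be checked here.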