james/fembooru
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

checks if user is owner of pool before deleting

Browse Source
This commit is contained in:
Daku 2012-01-24 16:22:47 +00:00
parent cd1087b7a7
commit 772fcfa7f5
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/pools/main.php
View File

@ -550,12 +550,12 @@ class Pools extends SimpleExtension {
private function nuke_pool($poolID) { private function nuke_pool($poolID) {
global $user, $database; global $user, $database;
$p_id = $database->get_one("SELECT user_id FROM pools WHERE id = :pid", array("pid"=>$poolID));
if($user->is_admin()) { if($user->is_admin()) {
$database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID)); $database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID));
$database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID)); $database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID));
$database->execute("DELETE FROM pools WHERE id = :pid", array("pid"=>$poolID)); $database->execute("DELETE FROM pools WHERE id = :pid", array("pid"=>$poolID));
} elseif(!$user->is_anonymous()) { } elseif($user->id == $p_id) {
// FIXME: WE CHECK IF THE USER IS THE OWNER OF THE POOL IF NOT HE CAN'T DO ANYTHING
$database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID)); $database->execute("DELETE FROM pool_history WHERE pool_id = :pid", array("pid"=>$poolID));
$database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID)); $database->execute("DELETE FROM pool_images WHERE pool_id = :pid", array("pid"=>$poolID));
$database->execute("DELETE FROM pools WHERE id = :pid AND user_id = :uid", array("pid"=>$poolID, "uid"=>$user->id)); $database->execute("DELETE FROM pools WHERE id = :pid AND user_id = :uid", array("pid"=>$poolID, "uid"=>$user->id));