mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

check if user is allowed to edit bookmarks

This commit is contained in:
Bjoern Schiessle 2012-06-21 11:50:51 +02:00
parent 37ed3b5bd2
commit 3b4d2a971a
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
apps/bookmarks/ajax/editBookmark.php
View File

@ -40,18 +40,26 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
} }
$bookmark_id = (int)$_POST["id"]; $bookmark_id = (int)$_POST["id"];
$user_id = OCP\USER::getUser();
$query = OCP\DB::prepare(" $query = OCP\DB::prepare("
UPDATE *PREFIX*bookmarks UPDATE *PREFIX*bookmarks
SET url = ?, title =?, lastmodified = $_ut SET url = ?, title =?, lastmodified = $_ut
WHERE id = $bookmark_id WHERE id = ?
AND user_id = ?
"); ");
$params=array( $params=array(
htmlspecialchars_decode($_POST["url"]), htmlspecialchars_decode($_POST["url"]),
htmlspecialchars_decode($_POST["title"]), htmlspecialchars_decode($_POST["title"]),
$bookmark_id,
$user_id,
); );
$query->execute($params);
$result = $query->execute($params);
# Abort the operation if bookmark couldn't be set (probably because the user is not allowed to edit this bookmark)
if ($result->numRows() == 0) exit();
# Remove old tags and insert new ones. # Remove old tags and insert new ones.
$query = OCP\DB::prepare(" $query = OCP\DB::prepare("