author | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-21 11:50:51 +0200 |
---|---|---|
committer | Bjoern Schiessle <schiessle@owncloud.com> | 2012-06-21 11:50:51 +0200 |
commit | 2f9763d216a759505868b75ff0e4dcf846e7000c (patch) | |
tree | 6a98205091801ec42b229d482521dd655a32d290 /apps | |
parent | 8870d3677675c73d2b4008a6a39949da617ad1c2 (diff) | |
check if user is allowed to edit bookmarks
Diffstat (limited to 'apps')
-rw-r--r-- | apps/bookmarks/ajax/editBookmark.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php
index fcec2e1cedb..439b680dc20 100644
--- a/apps/bookmarks/ajax/editBookmark.php
+++ b/apps/bookmarks/ajax/editBookmark.php
@@ -40,18 +40,26 @@ if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
 }
 $bookmark_id = (int)$_POST["id"];
+$user_id = OCP\USER::getUser();
 $query = OCP\DB::prepare("
 UPDATE *PREFIX*bookmarks
 SET url = ?, title =?, lastmodified = $_ut
-WHERE id = $bookmark_id
+WHERE id = ?
+AND user_id = ?
 ");
 $params=array(
 htmlspecialchars_decode($_POST["url"]),
 htmlspecialchars_decode($_POST["title"]),
+$bookmark_id,
+$user_id,
 );
-$query->execute($params);
+
+$result = $query->execute($params);
+
+# Abort the operation if bookmark couldn't be set (probably because the user is not allowed to edit this bookmark)
+if ($result->numRows() == 0) exit();
 # Remove old tags and insert new ones.
 $query = OCP\DB::prepare("
@@ -66,7 +74,7 @@ $query = OCP\DB::prepare("
 (bookmark_id, tag)
 VALUES (?, ?)
 ");
-
+
 $tags = explode(' ', urldecode($_POST["tags"]));
 foreach ($tags as $tag) {
 if(empty($tag)) {
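Review bot: The ownership guard `if ($result->numRows() == 0) exit();` relies on the row count reported for an UPDATE, which is backend-dependent (MySQL, for instance, counts only rows whose values actually changed unless the connection asks for found rows), so the abort may fire on a legitimate edit or fail to fire if the wrapper does not expose affected rows for manipulation queries; confirm what `OCP\DB` returns here on every supported database and compare with `=== 0`. The bare `exit()` also ends the request with an empty body, so the client cannot tell a denied edit from a successful one; if this endpoint otherwise replies via `OCP\JSON`, prefer `OCP\JSON::error(array('data' => array('message' => 'Not allowed to edit this bookmark'))); exit();`. Scoping the WHERE clause by `user_id` is the right way to enforce authorization in the query itself; `$_ut` is still interpolated into the SQL, which is acceptable only because it is set from the dbtype branch above the hunk rather than from the request (that assignment is outside this hunk, so worth re-checking). The surrounding script continues past the end of the hunk.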