ZwiiCMS-Team/ZwiiCMS
ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Releases 145 Activity

Check permission on delete

This commit is contained in:
Fred Tempez 2023-06-29 09:43:31 +02:00
parent a22dc8b5ce
commit b7d1f9e1f1
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/module/user/user.php
View File

@ -184,6 +184,7 @@ class user extends common
{ {
// Accès refusé // Accès refusé
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
// L'utilisateur n'existe pas // L'utilisateur n'existe pas
$this->getData(['user', $this->getUrl(2)]) === null $this->getData(['user', $this->getUrl(2)]) === null
// Groupe insuffisant // Groupe insuffisant
@ -230,7 +231,7 @@ class user extends common
public function edit() public function edit()
{ {
if ( if (
$this->checkCSRF() $this->getUser('permission', __CLASS__, __FUNCTION__) === false
) { ) {
// Valeurs en sortie // Valeurs en sortie
@ -531,6 +532,7 @@ class user extends common
public function profilEdit() public function profilEdit()
{ {
if ( if (
$this->getUser('permission', __CLASS__, __FUNCTION__) === false ||
$this->checkCSRF() $this->checkCSRF()
) { ) {