fix bug #5403 - privilege issue in safe flag

author: simo <simo> 2006-09-17 20:36:55 +0000
committer: simo <simo> 2006-09-17 20:36:55 +0000
commit: 7a6681635a19976c766fbadd3e479c0fd7458853 (patch)
tree: a4db3ec2447a36612e51ec2702e6d97aa4a41f0b /web
parent: 5686ba6516fc72bc6f2244b6426230cb2f64961f (diff)
download: aurweb-7a6681635a19976c766fbadd3e479c0fd7458853.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/packages.php b/web/html/packages.php
index df8dbad..683d23e 100644
--- a/web/html/packages.php
+++ b/web/html/packages.php
@@ -476,7 +476,7 @@ if (isset($_REQUEST["do_Flag"])) {
 		print __("You must be logged in before you can flag packages.");
 		print "<br />\n";
 	} else {
-		if (!empty($ids) || $atype == "User") {
+		if (!empty($ids) && $atype == "Trusted User") {
 			$dbh = db_connect();
 			# There currently shouldn't be multiple requests here, but the format in which
 			# it's sent requires this
@@ -500,7 +500,7 @@ if (isset($_REQUEST["do_Flag"])) {
 		print __("You must be logged in before you can unflag packages.");
 		print "<br />\n";
 	} else {
-		if (!empty($ids) || $atype == "User") {
+		if (!empty($ids) && $atype == "Trusted User") {
 			$dbh = db_connect();
 			# There currently shouldn't be multiple requests here, but the format in which
 			# it's sent requires this
author	simo <simo>	2006-09-17 20:36:55 +0000
committer	simo <simo>	2006-09-17 20:36:55 +0000
commit	7a6681635a19976c766fbadd3e479c0fd7458853 (patch)
tree	a4db3ec2447a36612e51ec2702e6d97aa4a41f0b /web
parent	5686ba6516fc72bc6f2244b6426230cb2f64961f (diff)
download	aurweb-7a6681635a19976c766fbadd3e479c0fd7458853.tar.xz