diff options
author | simo <simo> | 2006-09-17 20:36:55 +0000 |
---|---|---|
committer | simo <simo> | 2006-09-17 20:36:55 +0000 |
commit | 7a6681635a19976c766fbadd3e479c0fd7458853 (patch) | |
tree | a4db3ec2447a36612e51ec2702e6d97aa4a41f0b /web | |
parent | 5686ba6516fc72bc6f2244b6426230cb2f64961f (diff) | |
download | aurweb-7a6681635a19976c766fbadd3e479c0fd7458853.tar.xz |
fix bug #5403 - privilege issue in safe flag
Diffstat (limited to 'web')
-rw-r--r-- | web/html/packages.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/packages.php b/web/html/packages.php index df8dbad..683d23e 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -476,7 +476,7 @@ if (isset($_REQUEST["do_Flag"])) { print __("You must be logged in before you can flag packages."); print "<br />\n"; } else { - if (!empty($ids) || $atype == "User") { + if (!empty($ids) && $atype == "Trusted User") { $dbh = db_connect(); # There currently shouldn't be multiple requests here, but the format in which # it's sent requires this @@ -500,7 +500,7 @@ if (isset($_REQUEST["do_Flag"])) { print __("You must be logged in before you can unflag packages."); print "<br />\n"; } else { - if (!empty($ids) || $atype == "User") { + if (!empty($ids) && $atype == "Trusted User") { $dbh = db_connect(); # There currently shouldn't be multiple requests here, but the format in which # it's sent requires this |