summaryrefslogtreecommitdiffstats
path: root/web
diff options
context:
space:
mode:
authorsimo <simo>2006-09-17 20:36:55 +0000
committersimo <simo>2006-09-17 20:36:55 +0000
commit7a6681635a19976c766fbadd3e479c0fd7458853 (patch)
treea4db3ec2447a36612e51ec2702e6d97aa4a41f0b /web
parent5686ba6516fc72bc6f2244b6426230cb2f64961f (diff)
downloadaurweb-7a6681635a19976c766fbadd3e479c0fd7458853.tar.xz
fix bug #5403 - privilege issue in safe flag
Diffstat (limited to 'web')
-rw-r--r--web/html/packages.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/web/html/packages.php b/web/html/packages.php
index df8dbad..683d23e 100644
--- a/web/html/packages.php
+++ b/web/html/packages.php
@@ -476,7 +476,7 @@ if (isset($_REQUEST["do_Flag"])) {
print __("You must be logged in before you can flag packages.");
print "<br />\n";
} else {
- if (!empty($ids) || $atype == "User") {
+ if (!empty($ids) && $atype == "Trusted User") {
$dbh = db_connect();
# There currently shouldn't be multiple requests here, but the format in which
# it's sent requires this
@@ -500,7 +500,7 @@ if (isset($_REQUEST["do_Flag"])) {
print __("You must be logged in before you can unflag packages.");
print "<br />\n";
} else {
- if (!empty($ids) || $atype == "User") {
+ if (!empty($ids) && $atype == "Trusted User") {
$dbh = db_connect();
# There currently shouldn't be multiple requests here, but the format in which
# it's sent requires this