authorLukas Fleischer <archlinux@cryptocrack.de>2014-07-25 11:24:53 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-07-25 11:30:33 +0200
commit34aa226c6608f511694b6d5d44fbddb30e4c945a (patch)
treeda493523a8b931ab73e4db5a69627ff0fa635e09 /web
parent7df8dc8bcb0989a8543d699a7c667809170a69b3 (diff)
downloadaurweb-34aa226c6608f511694b6d5d44fbddb30e4c945a.tar.xz
Do not allow regular users to edit all accounts
Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r--web/lib/acctfuncs.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 943e80b..6232f83 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
return has_credential(CRED_ACCOUNT_EDIT_DEV);
}
- $uid = uid_from_sid($_COOKIE['AURSID']);
+ $uid = $acctinfo['ID'];
return has_credential(CRED_ACCOUNT_EDIT, array($uid));
}
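Review bot: `$acctinfo['ID']` is read on the new line without checking that the key is set, so if a caller passes the result of a failed account lookup, `array($uid)` would contain null. What happens then depends on how has_credential() compares that entry with the session user, which is not visible in this hunk. Failing closed before the final call would remove the doubt: `if (!isset($acctinfo['ID'])) { return false; }`. A short comment above the assignment, such as `/* The approved-user list must hold the ID of the account being edited, never the caller's own ID. */`, would record why the cookie-derived uid was wrong and help keep this regression from returning. can_edit_account() begins outside the hunk, so earlier branches may already cover the empty case.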