author | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-25 11:24:53 +0200 |
---|---|---|
committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2014-07-25 11:30:33 +0200 |
commit | 34aa226c6608f511694b6d5d44fbddb30e4c945a (patch) | |
tree | da493523a8b931ab73e4db5a69627ff0fa635e09 /web | |
parent | 7df8dc8bcb0989a8543d699a7c667809170a69b3 (diff) | |
download | aurweb-34aa226c6608f511694b6d5d44fbddb30e4c945a.tar.xz |
Do not allow regular users to edit all accounts
Fixes a regression introduced in 03c6304 (Rework permission handling,
2014-07-15).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web')
-rw-r--r-- | web/lib/acctfuncs.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 943e80b..6232f83 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
 return has_credential(CRED_ACCOUNT_EDIT_DEV);
 }
- $uid = uid_from_sid($_COOKIE['AURSID']);
+ $uid = $acctinfo['ID'];
 return has_credential(CRED_ACCOUNT_EDIT, array($uid));
 } |
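Review bot: `$acctinfo['ID']` becomes the only approved user id without a check that it is set, so a failed or partial account lookup would pass `array(null)` to `has_credential()`. Whether that could match a caller with no valid session depends on how `has_credential()` compares ids, which is outside this hunk, so a guard such as `if (empty($acctinfo['ID'])) { return false; }` before the assignment would make the check fail closed. A short comment on the assignment, e.g. `/* Approved user is the account being edited, never the session user. */`, would also record why the earlier `uid_from_sid()` call let every logged-in user through. `can_edit_account()` starts above the hunk, so the condition guarding the `CRED_ACCOUNT_EDIT_DEV` branch is not visible here.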