From 7a6681635a19976c766fbadd3e479c0fd7458853 Mon Sep 17 00:00:00 2001 From: simo Date: Sun, 17 Sep 2006 20:36:55 +0000 Subject: fix bug #5403 - privilege issue in safe flag --- web/html/packages.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/html/packages.php b/web/html/packages.php index df8dbad..683d23e 100644 --- a/web/html/packages.php +++ b/web/html/packages.php @@ -476,7 +476,7 @@ if (isset($_REQUEST["do_Flag"])) { print __("You must be logged in before you can flag packages."); print "
\n"; } else { - if (!empty($ids) || $atype == "User") { + if (!empty($ids) && $atype == "Trusted User") { $dbh = db_connect(); # There currently shouldn't be multiple requests here, but the format in which # it's sent requires this @@ -500,7 +500,7 @@ if (isset($_REQUEST["do_Flag"])) { print __("You must be logged in before you can unflag packages."); print "
\n"; } else { - if (!empty($ids) || $atype == "User") { + if (!empty($ids) && $atype == "Trusted User") { $dbh = db_connect(); # There currently shouldn't be multiple requests here, but the format in which # it's sent requires this -- cgit v1.2.3-70-g09d2