From 34aa226c6608f511694b6d5d44fbddb30e4c945a Mon Sep 17 00:00:00 2001
From: Lukas Fleischer
Date: Fri, 25 Jul 2014 11:24:53 +0200
Subject: Do not allow regular users to edit all accounts

Fixes a regression introduced in 03c6304 (Rework permission handling, 2014-07-15).

Signed-off-by: Lukas Fleischer
---
 web/lib/acctfuncs.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'web')

diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 943e80b..6232f83 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -1123,6 +1123,6 @@ function can_edit_account($acctinfo) {
 return has_credential(CRED_ACCOUNT_EDIT_DEV);
 }
- $uid = uid_from_sid($_COOKIE['AURSID']);
+ $uid = $acctinfo['ID'];
 return has_credential(CRED_ACCOUNT_EDIT, array($uid));
 }
--
cgit v1.2.3-70-g09d2
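Review bot: On the added line `$uid = $acctinfo['ID'];` the name `$uid` now holds the ID of the account being edited, not the caller's, and nothing in the code records that this distinction is the authorization fix. I would rename it and say so, e.g. `$owner = $acctinfo['ID']; /* only the account's own user is approved, never the session user */` followed by `return has_credential(CRED_ACCOUNT_EDIT, array($owner));`. The ID is also passed on unchecked. has_credential() is not visible here, so if it compares the approved list loosely against the session's user ID, a missing or empty `$acctinfo['ID']` might compare equal to a session that resolves to no user; a guard such as `if (empty($acctinfo['ID'])) { return false; }` before the call would rule that out. The start of can_edit_account() lies outside the hunk, so whether `$acctinfo` is validated earlier cannot be confirmed from these lines.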