external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add permission checks to the request feature

Browse source 
* Only show the request form to users that are logged in.
* Only show the close request form to Trusted Users and developers.
* Check for a valid login in pkgreq_file().

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
This commit is contained in:
Lukas Fleischer 2014-08-08 11:47:06 +02:00
parent d61b34f255
commit 218ccf51e3
3 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
web/html/pkgreq.php
View file

@ -9,9 +9,17 @@ set_lang();
check_sid();
if (isset($base_id)) {
if (!has_credential(CRED_PKGREQ_FILE)) {
header('Location: /');
exit();
}
html_header(__("File Request"));
include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) {
if (!has_credential(CRED_PKGREQ_CLOSE)) {
header('Location: /');
exit();
}
html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php');