fix: adding wish to arbitrary list
parent
d913cc16b8
commit
103e2f5a28
2 changed files with 27 additions and 0 deletions
|
@ -94,6 +94,16 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$user = User::getCurrent();
|
||||||
|
|
||||||
|
if (!$user->ownsWishlist()) {
|
||||||
|
\http_response_code(403);
|
||||||
|
|
||||||
|
die(__('You may only modify wishes you own.'));
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$wish_title = addslashes(filter_input(INPUT_POST, 'wish_title', FILTER_SANITIZE_SPECIAL_CHARS) ?? '');
|
$wish_title = addslashes(filter_input(INPUT_POST, 'wish_title', FILTER_SANITIZE_SPECIAL_CHARS) ?? '');
|
||||||
$wish_description = addslashes(filter_input(INPUT_POST, 'wish_description', FILTER_SANITIZE_SPECIAL_CHARS) ?? '');
|
$wish_description = addslashes(filter_input(INPUT_POST, 'wish_description', FILTER_SANITIZE_SPECIAL_CHARS) ?? '');
|
||||||
$wish_image = addslashes(filter_input(INPUT_POST, 'wish_image', FILTER_SANITIZE_URL) ?? '');
|
$wish_image = addslashes(filter_input(INPUT_POST, 'wish_image', FILTER_SANITIZE_URL) ?? '');
|
||||||
|
|
|
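Review bot: The added guard `if (!$user->ownsWishlist())` is not tied to the wishlist this request writes to: it is called with no argument, and `User::ownsWishlist()` in the second hunk only reports whether the user has some wishlist row whose `user` equals their own id. Any logged-in account that owns at least one wishlist would therefore still pass the check while targeting a list it does not own, which is the case the commit title sets out to close. The check should take the target wishlist identifier from the request and compare ownership of that specific list, e.g. `if (!$user->ownsWishlist($targetWishlistId)) {`, where `$targetWishlistId` is a placeholder for the request value, which is not visible in this hunk. The `return;` after `die(...)` is unreachable and can be dropped. The enclosing switch on the request method starts and ends outside the hunk.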
@ -308,6 +308,23 @@ class User
|
||||||
return $wishlists;
|
return $wishlists;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function ownsWishlist(): bool
|
||||||
|
{
|
||||||
|
if (!$this->isLoggedIn()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$wishlists = $this->getWishlists();
|
||||||
|
|
||||||
|
foreach ($wishlists as $wishlistData) {
|
||||||
|
if ($wishlistData['user'] === $this->id) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
public function getSavedWishlists(): array
|
public function getSavedWishlists(): array
|
||||||
{
|
{
|
||||||
global $database;
|
global $database;
|
||||||
|
|
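Review bot: The strict comparison `$wishlistData['user'] === $this->id` in `ownsWishlist()` depends on both sides having the same type, which this hunk does not show. If `getWishlists()` returns raw database rows, the `user` column may arrive as a string while `$this->id` is an int (an assumption to confirm), in which case the method returns false for every user and the new 403 guard rejects legitimate owners. Normalising both sides, e.g. `if ((int) $wishlistData['user'] === (int) $this->id) {`, keeps the comparison strict without depending on the driver's fetch mode. A short docblock such as `/** True when the logged-in user has at least one wishlist whose user column equals their id. */` would also make the method's actual scope explicit to callers.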