Forbid unauthorised access to user wishlists
parent
9d477c6019
commit
68976b70fe
2 changed files with 11 additions and 1 deletions
|
@ -133,7 +133,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
|
|||
/**
|
||||
* Get user wishlists
|
||||
*/
|
||||
$user = isset($_GET['userid']) ? User::getFromID($_GET['userid']) : $_SESSION['user'];
|
||||
$user = $_SESSION['user'];
|
||||
|
||||
if (!$user->isLoggedIn()) {
|
||||
$this->response(403);
|
||||
}
|
||||
|
||||
$wishlists = array();
|
||||
$wishlists_items = array();
|
||||
|
|
|
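Review bot: The new guard calls `$user->isLoggedIn()` and `$this->response(403)` without confirming that either object exists at this point. A request with no session user would leave `$_SESSION['user']` unset, so the call fails with a fatal error rather than an explicit denial; `$user = $_SESSION['user'] ?? null;` followed by `if (!$user instanceof User || !$user->isLoggedIn()) {` keeps the 403 path deterministic. The hunk header places these lines under `switch ($_SERVER['REQUEST_METHOD'])`, so if this file is not executed from inside an `API` method, `$this` is undefined and the private `response()` cannot be reached; that is worth confirming against the caller. The enclosing switch case starts and ends outside the hunk.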
@ -72,4 +72,10 @@ class API
|
|||
|
||||
return $request_variables;
|
||||
}
|
||||
|
||||
private function response(int $http_code): void
|
||||
{
|
||||
http_response_code($http_code);
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
|
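Review bot: `response()` ends the script with `die()`, but neither its signature nor a docblock says so, and the access check added in this commit appears to rely on that to stop execution after the 403. Add a comment above the method such as `/** Send the HTTP status code and end the request; does not return. */`. If the project targets PHP 8.1 or later, declaring the return type as `never` instead of `void` would state the same contract to static analysis. The `API` class body starts outside the hunk.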