Forbid unauthorised access to user wishlists

This commit is contained in:
grandeljay 2022-12-14 16:48:33 +01:00
parent 9d477c6019
commit 68976b70fe
2 changed files with 11 additions and 1 deletions

View file

@ -133,7 +133,11 @@ switch ($_SERVER['REQUEST_METHOD']) {
/**
* Get user wishlists
*/
$user = isset($_GET['userid']) ? User::getFromID($_GET['userid']) : $_SESSION['user'];
$user = $_SESSION['user'];
if (!$user->isLoggedIn()) {
$this->response(403);
}
$wishlists = array();
$wishlists_items = array();

View file

@ -72,4 +72,10 @@ class API
return $request_variables;
}
private function response(int $http_code): void
{
http_response_code($http_code);
die();
}
}