From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Sat, 5 Jun 2010 09:40:24 +0000 (+0200)
Subject: Fix a bug giving read access to the contacts of another user when
X-Git-Tag: xorg/1.0.0~188
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=c15406925832d6758a1829e40a9ad3f8179744c2;p=platal.git

Fix a bug giving read access to the contacts of another user when
adding/removing this user from our contacts. Close #1080

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/modules/carnet.php b/modules/carnet.php
index 7479b3c..d71aec1 100644
--- a/modules/carnet.php
+++ b/modules/carnet.php
@@ -266,18 +266,20 @@ class CarnetModule extends PLModule
         }
         switch (Env::v('action')) {
             case 'retirer':
-                if (($user = User::get(Env::v('user')))) {
+                if (($contact = User::get(Env::v('user')))) {
                     if (XDB::execute("DELETE FROM  contacts
-                                            WHERE  uid = {?} AND contact = {?}", $uid, $user->id())) {
+                                            WHERE  uid = {?} AND contact = {?}",
+                                     $uid, $contact->id())) {
                         $page->trigSuccess("Contact retiré&nbsp;!");
                     }
                 }
                 break;
 
             case 'ajouter':
-                if (($user = User::get(Env::v('user')))) {
+                if (($contact = User::get(Env::v('user')))) {
                     if (XDB::execute("REPLACE INTO  contacts (uid, contact)
-                                            VALUES  ({?}, {?})", $uid, $user->id())) {
+                                            VALUES  ({?}, {?})",
+                                     $uid, $contact->id())) {
                         $page->trigSuccess('Contact ajouté&nbsp;!');
                     } else {
                         $page->trigWarning('Contact déjà dans la liste&nbsp;!');