From 73fdb1e81283d5d5b073143a34d0e8af6066e13b Mon Sep 17 00:00:00 2001
From: x2003bruneau
Date: Tue, 21 Nov 2006 10:54:28 +0000
Subject: [PATCH] Throw 403 when trying to edit a missing event
git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1116 839d8a87-29fc-0310-9880-83ba4fa771e5
---
 modules/xnetevents.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/modules/xnetevents.php b/modules/xnetevents.php
index 281b5e6..4db6920 100644
--- a/modules/xnetevents.php
+++ b/modules/xnetevents.php
@@ -61,7 +61,7 @@ class XnetEventsModule extends PLModule
 if (!is_null($action)) {
 if (!may_update()) {
- return PL_NOT_ALLOWED;
+ return PL_FORBIDDEN;
 }
 $res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
@@ -70,7 +70,7 @@ class XnetEventsModule extends PLModule
 $tmp = $res->fetchOneRow();
 if (!$tmp) {
- return PL_NOT_ALLOWED;
+ return PL_FORBIDDEN;
 }
 }
@@ -291,7 +291,7 @@ class XnetEventsModule extends PLModule
 require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
 $evt = get_event_detail($eid);
 if (!$evt) {
- return PL_NOT_FOUND;
+ return PL_FORBIDDEN;
 }
 $evt['debut'] = preg_replace('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/', "\\1\\2\\3T\\4\\5\\6", $evt['debut']);
 $evt['fin'] = preg_replace('/(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)/', "\\1\\2\\3T\\4\\5\\6", $evt['fin']);
@@ -333,12 +333,14 @@ class XnetEventsModule extends PLModule
 // check the event is in our group
 if (!is_null($eid)) {
- $res = XDB::query("SELECT short_name, asso_id
+ $res = XDB::query("SELECT short_name
 FROM groupex.evenements
- WHERE eid = {?}", $eid);
- $infos = $res->fetchOneAssoc();
- if ($infos['asso_id'] != $globals->asso('id')) {
- return PL_NOT_ALLOWED;
+ WHERE eid = {?} AND asso_id = {?}",
+ $eid, $globals->asso('id'));
+ if ($res->numRows()) {
+ $infos = $res->fetchOneAssoc();
+ } else {
+ return PL_FORBIDDEN;
 }
 }
--
2.1.4
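Review bot: In the hunks at lines 61 and 70, nothing in the code records that giving a failed `may_update()` check and an empty `fetchOneRow()` result the same `PL_FORBIDDEN` answer is deliberate; the same applies to the else branch in the hunk at line 333. A comment above the `if (!$tmp)` return, such as `// same answer as a permission failure: a caller must not be able to tell a missing event from one it may not touch`, would stop a later cleanup from turning it back into a not-found. The WHERE clause of this query falls between the two hunks, so whether the lookup is already restricted to the current group cannot be checked from here.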
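Review bot: `get_event_detail($eid)` in the hunk at line 291 is called with the event id only, whereas the hunk at line 333 now adds `asso_id = {?}` to its own query. If the helper does not restrict the lookup to the current group itself (it lives in xnetevents.inc.php, which is not part of this patch), this handler would still hand out the details of another group's event. It is worth confirming that, and if the helper is unscoped, comparing the event's group with `$globals->asso('id')` before the `preg_replace` calls and returning `PL_FORBIDDEN` on a mismatch. The enclosing function starts and ends outside the hunk.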
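Review bot: The rejection in the hunk at line 333 sits in the else branch of `if ($res->numRows()) { … } else { return PL_FORBIDDEN; }`, while the guard at line 70 rejects first with `if (!$tmp) { return PL_FORBIDDEN; }`. Writing it as `$infos = $res->fetchOneAssoc();` followed by `if (!$infos) { return PL_FORBIDDEN; }` would make the two authorization checks read alike, assuming `fetchOneAssoc()` yields an empty value when no row matches, as `fetchOneRow()` appears to at line 70. `$infos` is assigned only when `$eid` is not null, and the function continues after the hunk, so any later use of it should be checked against that.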