author | Bharat Mediratta <bharat@menalto.com> | 2011-04-04 17:45:09 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2011-04-04 17:45:09 -0700 |
commit | 5b927a7083c8886a42519f9199666431bac0b650 (patch) | |
tree | 3a50072e7c5bf988aae30e4719790828a3ecf7ba | |
parent | 527e651cda4ec4b230e43e8f4611b4a3fd292427 (diff) |
Guard against registered users removing tags from items they don't own. Fixes #1671.
-rw-r--r-- | modules/tag/helpers/tag_item_rest.php | 1 | ||||
-rw-r--r-- | modules/tag/helpers/tag_items_rest.php | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/modules/tag/helpers/tag_item_rest.php b/modules/tag/helpers/tag_item_rest.php
index a8d3d0bc..be1fa653 100644
--- a/modules/tag/helpers/tag_item_rest.php
+++ b/modules/tag/helpers/tag_item_rest.php
@@ -29,6 +29,7 @@ class tag_item_rest_Core {
 static function delete($request) {
 list ($tag, $item) = rest::resolve($request->url);
+ access::required("edit", $item);
 $tag->remove($item);
 $tag->save();
 }
diff --git a/modules/tag/helpers/tag_items_rest.php b/modules/tag/helpers/tag_items_rest.php
index 535ab513..8ed07276 100644
--- a/modules/tag/helpers/tag_items_rest.php
+++ b/modules/tag/helpers/tag_items_rest.php
@@ -51,6 +51,7 @@ class tag_items_rest_Core {
 static function delete($request) {
 list ($tag, $item) = rest::resolve($request->url);
+ access::required("edit", $item);
 $tag->remove($item);
 $tag->save();
 } |
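Review bot: The new `access::required("edit", $item);` line in `tag_item_rest_Core::delete()` has no test pinning it, and the same holds for the identical line in the `tag_items_rest_Core::delete()` hunk; the diffstat lists only the two helper files. A regression test per handler that issues the delete as a user without edit permission on the item, then asserts the request is refused and the tag is still attached, would keep this authorization check from being dropped in a later refactor. The two `delete()` bodies are line-for-line the same, which is why the guard had to be added twice; letting one delegate to the other, or both call a shared helper, would leave a single place for the check. A short comment above the call would also help, e.g. `// Untagging modifies the item, so require edit permission on it (#1671).` Both classes continue outside the hunks, so whether their other write handlers carry the same check cannot be confirmed from here.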