관리권한이 없는 유저가 다른 유저의 변경이력을 볼 수 있는 문제점개선

2026-01-07 02:31:40 +09:00 · 2016-02-03 05:26:04 +09:00 · 2016-02-03 05:26:04 +09:00 · d02fa4981e
commit d02fa4981e
parent 7af044933f
1 changed files with 8 additions and 2 deletions
--- a/modules/member/member.view.php
+++ b/modules/member/member.view.php
@ -696,12 +696,18 @@ class memberView extends member
 	function dispMemberModifyNicknameLog()
 	{
 		$member_srl = Context::get('member_srl');
-
+		$logged_info = Context::get('logged_info');
 		if(!$member_srl)
 		{
-			$logged_info = Context::get('logged_info');
 			$member_srl = $logged_info->member_srl;
 		}
+		else
+		{
+			if($logged_info->is_admin != 'Y')
+			{
+				return new Object(-1, 'msg_not_permitted');
+			}
+		}

 		$args = new stdClass();
 		$args->member_srl = $member_srl;