fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix vulnerability in procMemberDeleteSavedDocument

Browse source
This commit is contained in:
Kijin Sung 2017-02-25 15:08:42 +09:00
parent 6df32746c3
commit f3a43d071e
1 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
modules/member/member.controller.php
View file

@ -199,9 +199,22 @@ class memberController extends member
$document_srl = (int)Context::get('document_srl'); $document_srl = (int)Context::get('document_srl');
if(!$document_srl) return new Object(-1,'msg_invalid_request'); if(!$document_srl) return new Object(-1,'msg_invalid_request');
$oDocumentModel = getModel('document');
$oDocument = $oDocumentModel->getDocument($document_srl);
if ($oDocument->get('member_srl') != $logged_info->member_srl)
{
return new Object(-1,'msg_invalid_request');
}
$configStatusList = $oDocumentModel->getStatusList();
if ($oDocument->get('status') != $configStatusList['temp'])
{
return new Object(-1,'msg_invalid_request');
}
// Variables // Variables
$oDocumentController = getController('document'); $oDocumentController = getController('document');
$oDocumentController->deleteDocument($document_srl, true); $oDocumentController->deleteDocument($document_srl);
} }
/** /**