chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security: Fix logical flaw allowing unauthenticated users to send data to a specific table

Browse Source
pull/5823/head
Yannick Warnier 12 months ago
parent dc24215029
commit 58c54f4631
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      main/lp/storageapi.php

2
main/lp/storageapi.php
Unescape View File

@ -67,7 +67,7 @@ switch ($_REQUEST['action']) {
function storage_can_set($sv_user)
{
// platform admin can change any user's stored values, other users can only change their own values
$allowed = ((api_is_platform_admin()) || ($sv_user == api_get_user_id()));
$allowed = ((api_is_platform_admin()) || (!empty($sv_user) && $sv_user == api_get_user_id()));
if (!$allowed) {
echo "ERROR : Not allowed";
}

Write Preview
Loading…
Cancel
Save