Business/ManagePanel
2
0
Fork 1
Code Issues 1 Pull Requests Releases Wiki Activity

Improve isManagerOf() error handling to prevent possible security bug

Browse Source
This commit is contained in:
Skylar Ittner 2018-01-03 21:56:43 -07:00
parent c414dff049
commit bad43ff93f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/userinfo.php
View File

@ -90,10 +90,10 @@ function isManagerOf($m, $e) {
$resp = json_decode($response->getBody(), TRUE); $resp = json_decode($response->getBody(), TRUE);
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
return $resp['managerof']; return $resp['managerof'] === true;
} else { } else {
// this shouldn't happen, but in case it does just fake it. // this shouldn't happen, but in case it does just fake it.
return ["name" => $u, "username" => $u, "uid" => $u]; return false;
} }
} }