Use ID from session rather than post data (!371) · Merge requests · foodsharing-dev / foodsharing · GitLab

Theo requested to merge bug/84-only-allow-editing-of-own-image into master May 08, 2018

Closes #84

What does this MR do?

Queries for an image based on the ID from the current session, rather than whatever is passed from the client.

How confident are you it won't break things if deployed?

This should only break if it's being used incorrectly elsewhere.

Links to related issues

Checklist

added a test, or explain why one is not needed/possible...
no unrelated changes
asked someone for a code review
joined #foodsharing-beta channel at https://slackin.yunity.org
added an entry to CHANGELOG.md (description, merge request link, username(s))

Edited May 17, 2018 by Peter Tönnies