Commit 052fb7d5 authored by chandi's avatar chandi Committed by Matthias Larisch

added authorization for xhrapp.php?app=basket&m=editBasket

parent 68a8a0d5
......@@ -9,6 +9,7 @@ use Foodsharing\Lib\Xhr\XhrDialog;
use Foodsharing\Modules\Core\Control;
use Foodsharing\Modules\Core\DBConstants\BasketRequests\Status;
use Foodsharing\Modules\Message\MessageModel;
use Foodsharing\Lib\Xhr\XhrResponses;
class BasketXhr extends Control
......@@ -542,15 +543,19 @@ class BasketXhr extends Control
public function editBasket(): array
public function editBasket()
$basket = $this->basketGateway->getBasket($_GET['id']);
if ($basket['fs_id'] !== $this->session->id()) {
return XhrResponses::PERMISSION_DENIED;
$dia = new XhrDialog();
$basket = $this->basketGateway->getBasket($_GET['id']);
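Review bot: The ownership check added to editBasket does not cover a lookup that finds no basket or a caller with no session: if `getBasket()` returns an empty result and `$this->session->id()` is null for an anonymous request (neither is visible here, so please confirm), `$basket['fs_id'] !== $this->session->id()` compares null with null and the request passes. The strict `!==` would also deny the real owner if the gateway returns `fs_id` as a string while the session id is an int. I would fail closed with `if (!$basket || !$this->session->id() || (int)$basket['fs_id'] !== (int)$this->session->id()) {`. `$_GET['id']` is also read without a presence or type check before it reaches the gateway. The body of editBasket continues outside the lines shown.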