Commit 97f8e7ae authored by chandi's avatar chandi Committed by Matthias Larisch

added authorization for xhrapp.php?app=wallpost&m=attachimage

parent 986b784a
......@@ -153,6 +153,10 @@ class WallPostXhr extends Control
public function attachimage()
{
if (!$this->wallPostPermissions->mayWriteWall($this->session->id(), $this->table, $this->id)) {
return XhrResponses::PERMISSION_DENIED;
}
$init = '';
if (isset($_FILES['etattach']['size']) && $_FILES['etattach']['size'] < 9136365 && $this->attach_allow($_FILES['etattach']['name'], $_FILES['etattach']['type'])) {
$new_filename = uniqid();
......
......@@ -101,7 +101,7 @@ if (isset($_GET['f'])) {
if ($page === XhrResponses::PERMISSION_DENIED) {
header('HTTP/1.1 403 Forbidden');
die("Permission denied");
die('Permission denied');
}
/*
* check for page caching
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment