Commit dc5adff3 authored by chandi's avatar chandi Committed by Matthias Larisch

restrict team contact to people who allowed it

parent f0a6f9ec
......@@ -6,6 +6,7 @@ use Foodsharing\Lib\Db\Db;
use Foodsharing\Lib\Mail\AsyncMail;
use Foodsharing\Lib\Xhr\Xhr;
use Foodsharing\Modules\Core\Control;
use Foodsharing\Lib\Xhr\XhrResponses;
use Foodsharing\Services\SanitizerService;
class TeamXhr extends Control
......@@ -23,7 +24,7 @@ class TeamXhr extends Control
parent::__construct();
}
public function contact(): void
public function contact()
{
$xhr = new Xhr();
......@@ -34,6 +35,10 @@ class TeamXhr extends Control
if ($id = $this->getPostInt('id')) {
if ($user = $this->gateway->getUser($id)) {
if (!$user['contact_public']) {
return XhrResponses::PERMISSION_DENIED;
}
$mail = new AsyncMail($this->mem);
if ($this->func->validEmail($_POST['email'])) {
......
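Review bot: The new guard in `contact()` reads `$user['contact_public']` directly, so it depends on `getUser()` returning that field, and the gateway query is not shown on this page. If the key is missing, the check still fails closed, but it raises an undefined-index notice or warning on every request; `if (empty($user['contact_public'])) {` keeps the deny-by-default behaviour without that. The method also returns `XhrResponses::PERMISSION_DENIED` on this path while the signature appears both as `contact(): void` and as an untyped `contact()`, so a short docblock stating what the method returns would make the contract clear. The body of `contact()` continues past the end of this hunk.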
......@@ -141,7 +141,7 @@ $csrf_whitelist = [
// 'Store::savebezirkids',
// 'Store::setbezirkids',
// 'Store::signout',
// 'Team::contact',
'Team::contact',
// 'WallPost::delpost',
// 'WallPost::update',
'WallPost::quickreply',
......
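Review bot: `'Team::contact'` appears to become an active entry in `$csrf_whitelist`. If listed methods are exempt from the CSRF token check, as the name suggests, requests to the endpoint that mails team members are then accepted without a token. If the exemption is needed because the contact form is used without a session, say so next to the entry, e.g. `// public contact form, no session token available`, so it is not mistaken for a leftover among the commented-out entries. Nothing visible here limits how often the endpoint can be called, so request throttling for `contact()` is the compensating control to confirm. The array continues outside the hunk.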