summaryrefslogtreecommitdiffstats
path: root/web/html
diff options
context:
space:
mode:
authorLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:47:06 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2014-08-08 11:48:58 +0200
commit218ccf51e38ad9b0654aa509f2bf8eec44d69c07 (patch)
treea5fed51509d35bf3da7672b7ca94bdbe47644090 /web/html
parentd61b34f2557eb38142c879cbe2dea8598873dfb3 (diff)
downloadaur-218ccf51e38ad9b0654aa509f2bf8eec44d69c07.tar.gz
aur-218ccf51e38ad9b0654aa509f2bf8eec44d69c07.tar.xz
Add permission checks to the request feature
* Only show the request form to users that are logged in. * Only show the close request form to Trusted Users and developers. * Check for a valid login in pkgreq_file(). Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/pkgreq.php8
1 files changed, 8 insertions, 0 deletions
diff --git a/web/html/pkgreq.php b/web/html/pkgreq.php
index 03b31b84..ccb0acd8 100644
--- a/web/html/pkgreq.php
+++ b/web/html/pkgreq.php
@@ -9,9 +9,17 @@ set_lang();
check_sid();
if (isset($base_id)) {
+ if (!has_credential(CRED_PKGREQ_FILE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("File Request"));
include('pkgreq_form.php');
} elseif (isset($pkgreq_id)) {
+ if (!has_credential(CRED_PKGREQ_CLOSE)) {
+ header('Location: /');
+ exit();
+ }
html_header(__("Close Request"));
$pkgbase_name = pkgreq_get_pkgbase_name($pkgreq_id);
include('pkgreq_close_form.php');