summaryrefslogtreecommitdiffstats
path: root/web/lib/pkgfuncs.inc.php
diff options
context:
space:
mode:
authorcanyonknight <canyonknight@gmail.com>2012-08-10 03:15:50 +0200
committerLukas Fleischer <archlinux@cryptocrack.de>2012-08-23 22:47:50 +0200
commite8cd6abc6e8921223a7a290088153bffc364e9d5 (patch)
tree9883f62565332efc4a3c2a999b183ac27912ca55 /web/lib/pkgfuncs.inc.php
parent44d8588b6304c12ef8ae8b3151a697a73dce526d (diff)
downloadaur-e8cd6abc6e8921223a7a290088153bffc364e9d5.tar.gz
aur-e8cd6abc6e8921223a7a290088153bffc364e9d5.tar.xz
Allow only Trusted Users, Developers, and Maintainers to unflag packages
Currently everyone is allowed to unflag a package as out of date. This should be limited to only the appropriate people for a specific package. Fixes FS#27263 Signed-off-by: canyonknight <canyonknight@gmail.com> Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/pkgfuncs.inc.php')
-rw-r--r--web/lib/pkgfuncs.inc.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/web/lib/pkgfuncs.inc.php b/web/lib/pkgfuncs.inc.php
index 6fad628d..c592e393 100644
--- a/web/lib/pkgfuncs.inc.php
+++ b/web/lib/pkgfuncs.inc.php
@@ -728,6 +728,10 @@ function pkg_flag ($atype, $ids, $action=true, $dbh=NULL) {
}
$q.= " WHERE ID IN (" . implode(",", $ids) . ")";
+ if (!$action && ($atype != "Trusted User" && $atype != "Developer")) {
+ $q.= "AND MaintainerUID = " . uid_from_sid($_COOKIE["AURSID"], $dbh);
+ }
+
db_query($q, $dbh);
if ($action) {