security check to see if it's your item

Ryan Walberg 2012-11-26 03:29:13 +00:00
parent 03600cf4ab
commit 35fca9dcca


@ -30,12 +30,15 @@ else {
$action = (!empty($_GET["action"]) ? $_GET["action"] : "");
$itemid = (int) $_GET["itemid"];
// get details. is this a single-quantity item?
// get details. is it our item? is this a single-quantity item?
try {
$stmt = $smarty->dbh()->prepare("SELECT quantity FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt = $smarty->dbh()->prepare("SELECT userid, quantity FROM {$opt["table_prefix"]}items WHERE itemid = ?");
$stmt->bindParam(1, $itemid, PDO::PARAM_INT);
$stmt->execute();
if ($row = $stmt->fetch()) {
if ($row["userid"] != $userid)
die("That's not your item!");
$quantity = $row["quantity"];
}
else {
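Review bot: The ownership check `if ($row["userid"] != $userid)` uses a loose comparison, and `$userid` is assigned outside this hunk, so its type and origin cannot be confirmed here. If it can ever be null or an empty string while an item row has a NULL or 0 owner, the two sides compare equal and the check passes. A strict form such as `if ((int) $userid <= 0 || (int) $row["userid"] !== (int) $userid) {` closes that case, assuming user ids are positive integers. The denial also exits through `die()` with the default 200 status and no log entry; calling `http_response_code(403);` and `error_log()` before the `die` would make failed ownership checks visible to monitoring. The `try` and the surrounding `else {` block both continue outside the hunk.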