From 35fca9dcca23214927c496ea8130b8e4ee1065f6 Mon Sep 17 00:00:00 2001
From: Ryan Walberg
Date: Mon, 26 Nov 2012 03:29:13 +0000
Subject: [PATCH] security check to see if it's your item

---
 src/receive.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/receive.php b/src/receive.php
index 04adc33..33f6ada 100644
--- a/src/receive.php
+++ b/src/receive.php
@@ -30,12 +30,15 @@ else {
 $action = (!empty($_GET["action"]) ? $_GET["action"] : "");
 $itemid = (int) $_GET["itemid"];
-// get details. is this a single-quantity item?
+// get details. is it our item? is this a single-quantity item?
 try {
- $stmt = $smarty->dbh()->prepare("SELECT quantity FROM {$opt["table_prefix"]}items WHERE itemid = ?");
+ $stmt = $smarty->dbh()->prepare("SELECT userid, quantity FROM {$opt["table_prefix"]}items WHERE itemid = ?");
 $stmt->bindParam(1, $itemid, PDO::PARAM_INT);
 $stmt->execute();
 if ($row = $stmt->fetch()) {
+ if ($row["userid"] != $userid)
+ die("That's not your item!");
+
 $quantity = $row["quantity"];
 }
 else {
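Review bot: The new ownership check compares with loose `!=` and ends the request with a bare `die()`, so the response goes out as a 200 with a plain-text body and the comparison depends on PDO returning `userid` as a string that happens to loosely match `$userid`; a stricter form is `if ((int) $row["userid"] !== (int) $userid) { http_response_code(403); die("That's not your item!"); }`. Because the check runs only after the row is fetched, a caller supplying someone else's itemid gets a different message than for a nonexistent id, which confirms that the id exists; filtering in the query (`WHERE itemid = ? AND userid = ?`) would make both cases fall into the existing `else` branch and avoid that distinction. Where `$userid` is set is not visible in this hunk, so whether it comes from an authenticated session rather than request input should be confirmed. The enclosing `else {` block and the `try` begin before or continue past the hunk.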