author | Alessandro Cosentino <cosenal@gmail.com> | 2012-08-12 21:27:16 -0400 |
---|---|---|
committer | Alessandro Cosentino <cosenal@gmail.com> | 2012-08-12 21:27:16 -0400 |
commit | 8aa247ca730a16c837859b644b0e2998d41885ac (patch) | |
tree | 5310819ac81ce4e4ca7502f4b43151eec3295174 | |
parent | 90fb216e7dd61c9571d225aa7c5c834c654d9cef (diff) |
checks userid before deleting
-rw-r--r-- | ajax/deletefeed.php | 2 | ||||
-rw-r--r-- | ajax/deletefolder.php | 2 | ||||
-rw-r--r-- | lib/feedmapper.php | 8 | ||||
-rw-r--r-- | lib/foldermapper.php | 10 |
4 files changed, 11 insertions, 11 deletions
diff --git a/ajax/deletefeed.php b/ajax/deletefeed.php index c9c9056ca..d9ef6f85d 100644 --- a/ajax/deletefeed.php +++ b/ajax/deletefeed.php @@ -19,7 +19,7 @@ $userid = OCP\USER::getUser(); $feedid = $_POST['feedid']; -$feedmapper = new OCA\News\FeedMapper(); +$feedmapper = new OCA\News\FeedMapper($userid); $success = $feedmapper->deleteById($feedid); $l = OC_L10N::get('news'); diff --git a/ajax/deletefolder.php b/ajax/deletefolder.php index a6950ed40..daf9a8397 100644 --- a/ajax/deletefolder.php +++ b/ajax/deletefolder.php @@ -21,7 +21,7 @@ $folderid = trim($_POST['folderid']); $shownfeedid = trim($_POST['shownfeedid']); $part_items = false; -$foldermapper = new OCA\News\FolderMapper(); +$foldermapper = new OCA\News\FolderMapper($userid); if(!$foldermapper->deleteById($folderid)) { OCP\JSON::error(array('data' => array('message' => $l->t('Error removing folder.')))); diff --git a/lib/feedmapper.php b/lib/feedmapper.php index df310730d..596858538 100644 --- a/lib/feedmapper.php +++ b/lib/feedmapper.php @@ -211,9 +211,9 @@ class FeedMapper { if ($id == null) { return false; } - $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?'); + $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?'); - $result = $stmt->execute(array($id)); + $result = $stmt->execute(array($id, $this->userid)); $itemMapper = new ItemMapper(); //TODO: handle the value that the execute returns @@ -231,9 +231,9 @@ class FeedMapper { return false; } - $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ?'); + $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ? AND user_id = ?'); - $result = $stmt->execute(array($folderid)); + $result = $stmt->execute(array($folderid, $this->userid)); while ($row = $result->fetchRow()) { if(!self::deleteById($row['id'])) return false; diff --git a/lib/foldermapper.php b/lib/foldermapper.php index 7fb8aa9af..33a14a0c4 100644 
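Review bot: In `FeedMapper::deleteById` the new `AND user_id = ?` filter protects only the feed row: the result of `execute` is still unused (the `//TODO` just below), so the method goes on to the `ItemMapper` created on the next line even when the DELETE matched nothing because the feed belongs to another user. The rest of the body is outside the hunk, but if it removes items by feed id, items of a feed owned by someone else could still be deleted and the call reported as successful. Resolve the TODO by returning false when no row was deleted, before any item cleanup, and until then mark the spot with `// SECURITY: do not delete items unless the DELETE above removed a feed owned by $this->userid`. `FolderMapper::deleteById` in lib/foldermapper.php leaves the same result unchecked, so ajax/deletefolder.php would report success for a folder the user does not own.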
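Review bot: `self::deleteById($row['id'])` in `deleteAll` calls an instance method with static syntax, and after this change `deleteById` reads `$this->userid`, so the owner filter works only because PHP passes `$this` through a `self::` call made from an instance method. Write it as `if (!$this->deleteById($row['id'])) return false;` so the dependency on the mapper's user is explicit. The recursive call in `FolderMapper::deleteById` (lib/foldermapper.php) has the same form. `deleteAll` starts and ends outside this hunk.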
--- a/lib/foldermapper.php +++ b/lib/foldermapper.php @@ -138,17 +138,17 @@ class FolderMapper { } // delete child folders - $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ?'); - $result = $stmt->execute(array($folderid)); + $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ? AND user_id = ?'); + $result = $stmt->execute(array($folderid, $this->userid)); while ($row = $result->fetchRow()) { if (!self::deleteById($row['id'])) return false; } - $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?'); - $result = $stmt->execute(array($folderid)); + $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?'); + $result = $stmt->execute(array($folderid, $this->userid)); - $feedMapper = new FeedMapper(); + $feedMapper = new FeedMapper($this->userid); //TODO: handle the value that the execute returns if(!$feedMapper->deleteAll($folderid)) return false; |
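Review bot: Nothing in this hunk guards against `$this->userid` being unset: the three statements now bind it, but the hunk does not show where it is assigned or whether it can be null. If a `FolderMapper` can still be constructed without a user id, `user_id = ?` would bind NULL and match no row, so every delete here would be skipped while the method carries on as if it had worked. A guard at the top of `deleteById`, `if ($this->userid === null) { return false; }`, makes that case fail visibly. The method begins before and continues after the hunk.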