authorAlessandro Cosentino <cosenal@gmail.com>2012-08-12 21:27:16 -0400
committerAlessandro Cosentino <cosenal@gmail.com>2012-08-12 21:27:16 -0400
commit8aa247ca730a16c837859b644b0e2998d41885ac (patch)
tree5310819ac81ce4e4ca7502f4b43151eec3295174 /lib
parent90fb216e7dd61c9571d225aa7c5c834c654d9cef (diff)
checks userid before deleting
Diffstat (limited to 'lib')
-rw-r--r--lib/feedmapper.php8
-rw-r--r--lib/foldermapper.php10
2 files changed, 9 insertions, 9 deletions
diff --git a/lib/feedmapper.php b/lib/feedmapper.php
index df310730d..596858538 100644
--- a/lib/feedmapper.php
+++ b/lib/feedmapper.php
@@ -211,9 +211,9 @@ class FeedMapper {
if ($id == null) {
return false;
}
- $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?');
+ $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?');
- $result = $stmt->execute(array($id));
+ $result = $stmt->execute(array($id, $this->userid));
$itemMapper = new ItemMapper();
//TODO: handle the value that the execute returns
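Review bot: The ownership check added to the DELETE does not gate the cleanup that follows, because `$result` is still unchecked (the TODO on the last line) and `new ItemMapper()` is built without a user id. If the code after this hunk removes items by feed id, a call with another user's feed id would leave the feed row intact but could still remove its items; what the ItemMapper does is outside the hunk, so this needs confirming. I would return early when the scoped DELETE removed no row, and hand the user to the item mapper the way foldermapper.php now does with `new FeedMapper($this->userid)`, if ItemMapper accepts one. The same unchecked `$result` follows the scoped DELETE in the foldermapper.php hunk.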
@@ -231,9 +231,9 @@ class FeedMapper {
return false;
}
- $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ?');
+ $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName . ' WHERE folder_id = ? AND user_id = ?');
- $result = $stmt->execute(array($folderid));
+ $result = $stmt->execute(array($folderid, $this->userid));
while ($row = $result->fetchRow()) {
if(!self::deleteById($row['id']))
return false;
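Review bot: `self::deleteById($row['id'])` is a static-style call to a method that now reads `$this->userid`, both here and in the `while` loop of the foldermapper.php hunk. It works only because PHP carries `$this` through a `self::` call made from an instance method. Written as `$this->deleteById($row['id'])`, the dependency on the mapper's user is explicit and the call cannot be copied into a static context, where no user would be bound to the query. The loop continues outside the hunk.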
diff --git a/lib/foldermapper.php b/lib/foldermapper.php
index 7fb8aa9af..33a14a0c4 100644
--- a/lib/foldermapper.php
+++ b/lib/foldermapper.php
@@ -138,17 +138,17 @@ class FolderMapper {
}
// delete child folders
- $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ?');
- $result = $stmt->execute(array($folderid));
+ $stmt = \OCP\DB::prepare('SELECT id FROM ' . self::tableName .' WHERE parent_id = ? AND user_id = ?');
+ $result = $stmt->execute(array($folderid, $this->userid));
while ($row = $result->fetchRow()) {
if (!self::deleteById($row['id']))
return false;
}
- $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ?');
- $result = $stmt->execute(array($folderid));
+ $stmt = \OCP\DB::prepare('DELETE FROM ' . self::tableName .' WHERE id = ? AND user_id = ?');
+ $result = $stmt->execute(array($folderid, $this->userid));
- $feedMapper = new FeedMapper();
+ $feedMapper = new FeedMapper($this->userid);
//TODO: handle the value that the execute returns
if(!$feedMapper->deleteAll($folderid))
return false;
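Review bot: The folder row is deleted before `$feedMapper->deleteAll($folderid)` runs and nothing visible groups the statements, so a `return false` from the feed cleanup leaves the user's feeds pointing at a folder that no longer exists. Deleting the feeds first, or running the child-folder loop, the feed cleanup and the folder DELETE inside one transaction, would keep a failed delete from leaving a half-removed tree. A short comment above the block, for example `// only rows owned by $this->userid are touched; ids owned by other users are a no-op`, would also record the contract this commit introduces. The function starts and ends outside the hunk.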