fixed security hole

Mr McClain 2016-02-24 12:19:34 -06:00
parent 80e8f9ca4d
commit a77e007f5b


@ -33,8 +33,9 @@ def notification_view(request, notif_id):
@login_required @login_required
def remove_notification(request, notif_id): def remove_notification(request, notif_id):
logger.debug("remove notification called by user %s for notif_id %s" % (request.user, notif_id)) logger.debug("remove notification called by user %s for notif_id %s" % (request.user, notif_id))
if Notification.objects.filter(id=notif_id).exists():
notif = get_object_or_404(Notification, pk=notif_id) notif = get_object_or_404(Notification, pk=notif_id)
if notif.user == request.user:
if Notification.objects.filter(id=notif_id).exists():
notif.delete() notif.delete()
logger.info("Deleting notif id %s by user %s" % (notif_id, request.user)) logger.info("Deleting notif id %s by user %s" % (notif_id, request.user))
else: else:
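Review bot: The ownership test `if notif.user == request.user:` runs only after `get_object_or_404(Notification, pk=notif_id)` has succeeded, so a missing id returns 404 while another user's id takes a different path, and a logged-in user can tell which notification ids exist. Scoping the lookup to the owner, `notif = get_object_or_404(Notification, pk=notif_id, user=request.user)`, answers both cases with the same 404 and makes the following `Notification.objects.filter(id=notif_id).exists()` test redundant, since the object has just been fetched. Indentation is lost on this page and the function continues past the hunk, so it is not visible which `if` the trailing `else:` belongs to or whether a denied attempt is logged; a warning-level log line on an ownership mismatch would help detection. The visible lines also guard the delete with `@login_required` alone, so if the route accepts GET, adding `@require_POST` would be worth considering.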