fixed security hole

This commit is contained in:
Mr McClain 2016-02-24 12:19:34 -06:00
parent 80e8f9ca4d
commit a77e007f5b


@ -33,10 +33,11 @@ def notification_view(request, notif_id):
@login_required @login_required
def remove_notification(request, notif_id): def remove_notification(request, notif_id):
logger.debug("remove notification called by user %s for notif_id %s" % (request.user, notif_id)) logger.debug("remove notification called by user %s for notif_id %s" % (request.user, notif_id))
if Notification.objects.filter(id=notif_id).exists(): notif = get_object_or_404(Notification, pk=notif_id)
notif = get_object_or_404(Notification, pk=notif_id) if notif.user == request.user:
notif.delete() if Notification.objects.filter(id=notif_id).exists():
logger.info("Deleting notif id %s by user %s" % (notif_id, request.user)) notif.delete()
logger.info("Deleting notif id %s by user %s" % (notif_id, request.user))
else: else:
logger.error("Unable to delete notif id %s for user %s - notif matching id not found." % (notif_id, request.user)) logger.error("Unable to delete notif id %s for user %s - notif matching id not found." % (notif_id, request.user))
return redirect('auth_notification_list') return redirect('auth_notification_list')
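Review bot: The ownership check `if notif.user == request.user:` is the right fix, but the inner `if Notification.objects.filter(id=notif_id).exists():` is now redundant, since `get_object_or_404` has already raised 404 when the row is missing, and the `else:` branch logs "notif matching id not found" for what is actually another user's notification, so the log misattributes an authorization failure as a missing record. Folding ownership into the lookup, `notif = get_object_or_404(Notification, pk=notif_id, user=request.user)`, drops the extra query and also stops the response from distinguishing a non-existent id (404) from a foreign user's id (redirect). If the separate branch is kept, the message should name the real cause, e.g. `logger.warning("User %s attempted to delete notif id %s owned by another user" % (request.user, notif_id))`. As far as the hunk shows the view is only guarded by `@login_required`, so the delete is reachable by GET; a destructive action is normally restricted with `@require_POST` so that CSRF protection covers it, though further decorators may sit outside the hunk.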