From 93430d92c0ecfcc9b3f2f1909596327097ee2769 Mon Sep 17 00:00:00 2001
From: thomas <9033-thomas@users.noreply.git.laquadrature.net>
Date: Sun, 19 Dec 2021 23:58:19 +0100
Subject: [PATCH] Improve access control checks on Perso::cancel()

---
 app/controller/perso.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controller/perso.php b/app/controller/perso.php
index cf8c5dd..5bc3e90 100644
--- a/app/controller/perso.php
+++ b/app/controller/perso.php
@@ -490,8 +490,11 @@ class Perso extends Controller
 
     public function cancel($f3, $params)
     {
+        if (!$f3->exists('SESSION.user')) {
+            $f3->reroute('/login');
+        }
         $db = $f3->get('DB');
-        $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."'");
+        $result = $db->query("SELECT identifier, user_id from identifiers where identifier like '".$params['id']."' and user_id='".\Utils::asl($f3->get('SESSION.id'))."'");
         $result = $result->fetch(\PDO::FETCH_ASSOC);
         if ($result) {
             $identifier = $result['identifier'];
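Review bot: The new query on the `$result = $db->query(...)` line still splices `$params['id']` into the SQL string unescaped; only the session id is passed through `\Utils::asl`, so the ownership check does not remove the injection surface on the route parameter. With `fetch(\PDO::FETCH_ASSOC)` on the next line suggesting a PDO handle, a prepared statement removes the string building entirely: `$stmt = $db->prepare('SELECT identifier, user_id FROM identifiers WHERE identifier = ? AND user_id = ?');` `$stmt->execute([$params['id'], $f3->get('SESSION.id')]);` `$result = $stmt->fetch(\PDO::FETCH_ASSOC);`. Note that `like` treats `%` and `_` in `$params['id']` as wildcards, so unless pattern matching is intended here `=` is the safer comparison. The login guard tests `SESSION.user` while the query reads `SESSION.id`; if those two keys can be set independently this is worth confirming, and the guard relies on `reroute()` ending the request (a `return;` after it would make that explicit). The body of `cancel()` continues past the end of the hunk.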
-- 
GitLab