From: Zach Copley <zach@status.net>
Date: Wed, 13 Jan 2010 18:20:03 +0000 (+0000)
Subject: Ensure only the application's owner can edit it
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=7b3c099f953c1569c18d81fdb8d4230e927d429e;p=quix0rs-gnu-social.git

Ensure only the application's owner can edit it
---

diff --git a/actions/editapplication.php b/actions/editapplication.php
index a6db87c61e..9cc3e3cead 100644
--- a/actions/editapplication.php
+++ b/actions/editapplication.php
@@ -45,9 +45,9 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
 
 class EditApplicationAction extends OwnerDesignAction
 {
-    var $msg = null;
-
-    var $app = null;
+    var $msg   = null;
+    var $owner = null;
+    var $app   = null;
 
     function title()
     {
@@ -68,7 +68,14 @@ class EditApplicationAction extends OwnerDesignAction
         }
 
         $id = (int)$this->arg('id');
-        $this->app = Oauth_application::staticGet($id);
+
+        $this->app   = Oauth_application::staticGet($id);
+        $this->owner = User::staticGet($this->app->owner);
+        $cur         = common_current_user();
+
+        if ($cur->id != $this->owner->id) {
+            $this->clientError(_('You are not the owner of this application.'), 401);
+        }
 
         if (!$this->app) {
             $this->clientError(_('No such application.'));