sigmasternchen/MyTube
1
0
Fork 0
mirror of https://github.com/sigmasternchen/MyTube synced 2025-03-15 04:48:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes security issues in dashboar controller

Browse source
This commit is contained in:
overflowerror 2021-01-17 22:55:43 +01:00
parent bf6b1ed3f6
commit 0471d4fd95
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/Controller/DashboardController.php
View file

@ -263,6 +263,12 @@ class DashboardController extends AbstractController
return $this->redirectToRoute("app_dashboard");
}
$user = $this->userService->getLoggedInUser();
if ($video->getUploader() != $user) {
throw new AccessDeniedHttpException();
}
$videoLink = new VideoLink();
$videoLink->setVideo($video);
$form = $this->createForm(VideoLinkType::class, $videoLink);
@ -271,7 +277,6 @@ class DashboardController extends AbstractController
if ($form->isSubmitted() && $form->isValid()) {
$videoLink = $form->getData();
$user = $this->userService->getLoggedInUser();
$videoLink->setCreator($user);
$videoLink->setCreated();
@ -347,6 +352,11 @@ class DashboardController extends AbstractController
return $this->redirectToRoute("app_dashboard");
}
$user = $this->userService->getLoggedInUser();
if ($videoLink->getCreator() != $user) {
throw new AccessDeniedHttpException();
}
$form = $this->createForm(VideoLinkType::class, $videoLink);
$form->handleRequest($request);