Browse Source

limit autosubmit tokens to the same user

pull/82/head
Aaron Parecki 4 years ago
parent
commit
5f89ca0552
No known key found for this signature in database GPG Key ID: 276C2817346D6056
1 changed files with 6 additions and 1 deletions
  1. +6
    -1
      controllers/controllers.php

+ 6
- 1
controllers/controllers.php View File

@ -136,7 +136,12 @@ $app->get('/favorite', function() use($app) {
if(array_key_exists('token', $params)) {
try {
$data = JWT::decode($params['token'], Config::$jwtSecret, ['HS256']);
$autosubmit = isset($data->autosubmit) && $data->autosubmit;
if(isset($data->autosubmit) && $data->autosubmit) {
// Only allow this token to be used for the user who created it
if($data->user_id == $_SESSION['user_id']) {
$autosubmit = true;
}
}
} catch(Exception $e) {
}
}

Loading…
Cancel
Save