p3k
/
Quill
mirror of https://github.com/aaronpk/Quill.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
Browse Source

limit autosubmit tokens to the same user

pull/82/head
Aaron Parecki 7 years ago
parent
43e8a1ef8d
commit
5f89ca0552
No known key found for this signature in database GPG Key ID: 276C2817346D6056
1 changed files with 6 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +6
    -1
      controllers/controllers.php

+ 6
- 1
controllers/controllers.php View File

@ -136,7 +136,12 @@ $app->get('/favorite', function() use($app) {
if(array_key_exists('token', $params)) {
try {
$data = JWT::decode($params['token'], Config::$jwtSecret, ['HS256']);
$autosubmit = isset($data->autosubmit) && $data->autosubmit;
if(isset($data->autosubmit) && $data->autosubmit) {
// Only allow this token to be used for the user who created it
if($data->user_id == $_SESSION['user_id']) {
$autosubmit = true;
}
}
} catch(Exception $e) {
}
}

Write Preview
Loading…
Cancel
Save