diff options
| author | Yorhel <git@yorhel.nl> | 2020-08-18 08:55:27 +0200 |
|---|---|---|
| committer | Yorhel <git@yorhel.nl> | 2020-08-18 08:55:37 +0200 |
| commit | 4b33a35eba600699d7b7e66acc9792ac1fc7e3f9 (patch) | |
| tree | b46918132f8d6c05a4d540a6919dd86c414dee18 | |
| parent | c7ed12e3b5733ec25e227e14038ebe9bfdc2c8d0 (diff) | |
reviews: Fix permission check when deleting review
Broken in 89f1916021d64ddb0f8f3fb3fda9843515c74dee
| -rw-r--r-- | lib/VNWeb/Reviews/Edit.pm | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/VNWeb/Reviews/Edit.pm b/lib/VNWeb/Reviews/Edit.pm index 5644c27a..34042958 100644 --- a/lib/VNWeb/Reviews/Edit.pm +++ b/lib/VNWeb/Reviews/Edit.pm @@ -77,7 +77,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub { elm_api ReviewsDelete => undef, { id => { vndbid => 'w' } }, sub { my($data) = @_; - my $review = tuwf->dbRowi('SELECT id, uid FROM reviews WHERE id =', \$data->{id}); + my $review = tuwf->dbRowi('SELECT id, uid AS user_id FROM reviews WHERE id =', \$data->{id}); return elm_Unauth if !can_edit w => $review; auth->audit($review->{uid}, 'review delete', "deleted $review->{id}"); tuwf->dbExeci('DELETE FROM reviews WHERE id =', \$data->{id}); |