diff options
author | Yorhel <git@yorhel.nl> | 2021-11-15 14:06:12 +0100 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2021-11-15 14:06:12 +0100 |
commit | 9744d51a58b5d12abe3fcadd46debdf2dec6bb83 (patch) | |
tree | acfb0201552b2030c3f0ce38ded75a034ba09d42 /lib/VNWeb | |
parent | e822056651fd5d72b57fd06980c3def12ebbe349 (diff) |
Reviews::Edit: Add early 404 check
Diffstat (limited to 'lib/VNWeb')
-rw-r--r-- | lib/VNWeb/Reviews/Edit.pm | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/VNWeb/Reviews/Edit.pm b/lib/VNWeb/Reviews/Edit.pm index 00002c6b..2921be75 100644 --- a/lib/VNWeb/Reviews/Edit.pm +++ b/lib/VNWeb/Reviews/Edit.pm @@ -71,6 +71,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub { my $id = delete $data->{id}; my $review = $id ? tuwf->dbRowi('SELECT id, locked, modnote, text, uid AS user_id FROM reviews WHERE id =', \$id) : {}; + return tuwf->resNotFound if $id && !$review->{id}; return elm_Unauth if !can_edit w => $review; if(!auth->permBoardmod) { @@ -103,6 +104,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub { elm_api ReviewsDelete => undef, { id => { vndbid => 'w' } }, sub { my($data) = @_; my $review = tuwf->dbRowi('SELECT id, uid AS user_id FROM reviews WHERE id =', \$data->{id}); + return tuwf->resNotFound if !$review->{id}; return elm_Unauth if !can_edit w => $review; auth->audit($review->{user_id}, 'review delete', "deleted $review->{id}"); tuwf->dbExeci('DELETE FROM notifications WHERE iid =', \$data->{id}); |