summaryrefslogtreecommitdiff
path: root/lib/VNWeb
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2021-11-15 14:06:12 +0100
committerYorhel <git@yorhel.nl>2021-11-15 14:06:12 +0100
commit9744d51a58b5d12abe3fcadd46debdf2dec6bb83 (patch)
treeacfb0201552b2030c3f0ce38ded75a034ba09d42 /lib/VNWeb
parente822056651fd5d72b57fd06980c3def12ebbe349 (diff)
Reviews::Edit: Add early 404 check
Diffstat (limited to 'lib/VNWeb')
-rw-r--r--lib/VNWeb/Reviews/Edit.pm2
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/VNWeb/Reviews/Edit.pm b/lib/VNWeb/Reviews/Edit.pm
index 00002c6b..2921be75 100644
--- a/lib/VNWeb/Reviews/Edit.pm
+++ b/lib/VNWeb/Reviews/Edit.pm
@@ -71,6 +71,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub {
my $id = delete $data->{id};
my $review = $id ? tuwf->dbRowi('SELECT id, locked, modnote, text, uid AS user_id FROM reviews WHERE id =', \$id) : {};
+ return tuwf->resNotFound if $id && !$review->{id};
return elm_Unauth if !can_edit w => $review;
if(!auth->permBoardmod) {
@@ -103,6 +104,7 @@ elm_api ReviewsEdit => $FORM_OUT, $FORM_IN, sub {
elm_api ReviewsDelete => undef, { id => { vndbid => 'w' } }, sub {
my($data) = @_;
my $review = tuwf->dbRowi('SELECT id, uid AS user_id FROM reviews WHERE id =', \$data->{id});
+ return tuwf->resNotFound if !$review->{id};
return elm_Unauth if !can_edit w => $review;
auth->audit($review->{user_id}, 'review delete', "deleted $review->{id}");
tuwf->dbExeci('DELETE FROM notifications WHERE iid =', \$data->{id});