diff options
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | lib/VNDB/Handler/ULists.pm | 3 |
2 files changed, 4 insertions, 0 deletions
@@ -2,6 +2,7 @@ - VNDBUtil::bb2html(): Fixed bug when the string starts with a VNDBID - VNDBUtil::bb2html(): Fixed bug with lowercasing all [url=..] URLs - Fixed perl warning on /v/search redirect without search query + - Bugfix: Don't allow others to open /u+/votes when show_list is false 2.15 - 2010-12-15 - Removed expand/collapse from history browser and /u+/posts and switched to diff --git a/lib/VNDB/Handler/ULists.pm b/lib/VNDB/Handler/ULists.pm index c8119000..6efb0a13 100644 --- a/lib/VNDB/Handler/ULists.pm +++ b/lib/VNDB/Handler/ULists.pm @@ -104,6 +104,9 @@ sub votelist { my $obj = $type eq 'v' ? $self->dbVNGet(id => $id)->[0] : $self->dbUserGet(uid => $id)->[0]; return 404 if !$obj->{id}; + my $own = $type eq 'u' && $self->authInfo->{id} && $self->authInfo->{id} == $id; + return 404 if $type eq 'u' && !$own && !($obj->{show_list} || $self->authCan('usermod')); + my $f = $self->formValidate( { name => 'p', required => 0, default => 1, template => 'int' }, { name => 'o', required => 0, default => 'd', enum => ['a', 'd'] }, |