This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

Fix bug 924884 - Enforce owner-only editing of profile
jbuck committed Oct 18, 2013
1 parent 3af81e3 commit 8168cf6
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions app.js
Expand Up @@ -84,6 +84,10 @@ server.get('/user-data/:username', function fetchDataFromDB(req, res, next) {
});

server.post('/user-data/:username', function (req, res, next) {
if (req.session.username !== req.params.username && req.params.username !== 'reanimator') {
return res.send(403);
}

db.findOrCreate({ userid: req.params.username }, { data: JSON.stringify(req.body) }).success(function(result, created) {
if (created) {
return res.send(201);
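Review bot: The `req.params.username !== 'reanimator'` clause in the new guard leaves `/user-data/reanimator` writable by any caller, including a request with no logged-in session, so the owner-only rule does not hold for that record. If the exemption exists for a demo or test fixture (an inference; the page does not say), it should be switched on by configuration outside production rather than hard-coded, or dropped so the check reads `if (req.session.username !== req.params.username) {`. If it has to stay, add a comment such as `// 'reanimator' is intentionally world-writable: <reason>` so the bypass is not mistaken for an oversight. The guard also reads `req.session.username` without checking that `req.session` exists, which would surface as a 500 rather than a 403 if the session middleware is not mounted on this route. The handler body continues past the end of the hunk.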
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -13,7 +13,7 @@
"sequelize": "~2.0.0-beta.0",
"uid2": "0.0.3",
"webmaker-loginapi": "https://github.com/mozilla/node-webmaker-loginapi/archive/v0.1.15.tar.gz",
"webmaker-profile": "https://github.com/mozilla/webmaker-profile/archive/v0.1.9.tar.gz"
"webmaker-profile": "https://github.com/mozilla/webmaker-profile/archive/v0.1.10.tar.gz"
},
"devDependencies": {
"api-easy": "0.3.8",
