mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-07-19 16:02:15 +00:00
Added check in CL/Messages_model->sendReply to check that $receiver_id, $relationmessage_id and $token match in the database to avoid to be able to write to anyone using a token
This commit is contained in:
@@ -176,4 +176,20 @@ class MessageToken_model extends DB_Model
|
||||
|
||||
return $this->execQuery($sql, array($oe_kurzbz));
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public function crossClientData($token, $relationmessage_id, $receiver_id)
|
||||
{
|
||||
$sql = 'SELECT mm.message_id
|
||||
FROM public.tbl_msg_message mm
|
||||
JOIN public.tbl_msg_recipient mr USING(message_id)
|
||||
WHERE mr.token = ?
|
||||
AND mm.message_id = ?
|
||||
AND mm.person_id = ?';
|
||||
|
||||
return $this->execQuery($sql, array($token, $relationmessage_id, $receiver_id));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user