Added check in CL/Messages_model->sendReply to check that $receiver_id, $relationmessage_id and $token match in the database to avoid to be able to write to anyone using a token

This commit is contained in:
Paolo
2022-08-30 17:31:04 +02:00
parent 81a33654a4
commit 8e0734ca8c
2 changed files with 23 additions and 0 deletions
@@ -176,4 +176,20 @@ class MessageToken_model extends DB_Model
return $this->execQuery($sql, array($oe_kurzbz));
}
/**
*
*/
public function crossClientData($token, $relationmessage_id, $receiver_id)
{
$sql = 'SELECT mm.message_id
FROM public.tbl_msg_message mm
JOIN public.tbl_msg_recipient mr USING(message_id)
WHERE mr.token = ?
AND mm.message_id = ?
AND mm.person_id = ?';
return $this->execQuery($sql, array($token, $relationmessage_id, $receiver_id));
}
}