🐛 Fix request authorisation

Signed-off-by: Luke Tainton <luke@tainton.uk>
2020-08-09 17:09:50 +01:00
parent 07eaf4d05d
commit 671e1826d0
7 changed files with 14 additions and 14 deletions
--- a/app/public/actions/close.php
+++ b/app/public/actions/close.php
@@ -4,8 +4,8 @@

    $request = get_request($db, $_GET['rid']);
    $authorised_users = get_subscribers($db, $request);
-    $is_authorised = isAuthorised($authorised_users, $request);
-    
+    $is_authorised = isAuthorised($_SESSION['uuid'], $authorised_users, $request);
+
    // Close request
    if ($is_authorised == true) {
        if($_SERVER['REQUEST_METHOD'] == 'POST') {
@@ -25,4 +25,4 @@
        header('Location: /view?rid=' . $request['uuid'], true);
    }

-?>
+?>