We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit 2856982a authored by Evan Prodromou's avatar Evan Prodromou

disallow access to out-of-scope bookmark

parent 57dee164
......@@ -76,6 +76,16 @@ class ShowbookmarkAction extends ShownoticeAction
throw new ClientException(_('No such bookmark.'), 404);
if (!empty($cur)) {
$curProfile = $cur->getProfile();
} else {
$curProfile = null;
if (!$this->notice->inScope($curProfile)) {
throw new ClientException(_('Not available.'), 403);
$this->user = User::staticGet('id', $this->bookmark->profile_id);
if (empty($this->user)) {
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment