Permission policy updated

Tony Yang
2019-06-02 14:09:48 +08:00
parent 36078c850e
commit 7bf8692753
2 changed files with 7 additions and 0 deletions


@@ -75,6 +75,10 @@ if ($_SERVER["REQUEST_METHOD"] == "PATCH" || $_SERVER["REQUEST_METHOD"] == "POST
} else if ($level < 0) {
$level = 0;
}
// you cannot promote user to level higher than youself
if ($level > $user->level) {
send_error(403, "lowlevel");
}
$SQL->query("UPDATE `user` SET `muted`='%d', `level`='%d' WHERE `username`='%s'", array($muted, $level, $username));