From bad43ff93f94d8716612f88cc1f6164e11f45d43 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Wed, 3 Jan 2018 21:56:43 -0700
Subject: [PATCH] Improve isManagerOf() error handling to prevent possible security bug
---
 lib/userinfo.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/userinfo.php b/lib/userinfo.php
index 660804b..8d63990 100644
--- a/lib/userinfo.php
+++ b/lib/userinfo.php
@@ -90,10 +90,10 @@ function isManagerOf($m, $e) {
 $resp = json_decode($response->getBody(), TRUE);
 if ($resp['status'] == "OK") {
- return $resp['managerof'];
+ return $resp['managerof'] === true;
 } else {
 // this shouldn't happen, but in case it does just fake it.
- return ["name" => $u, "username" => $u, "uid" => $u];
+ return false;
 }
 }
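Review bot: The guard `if ($resp['status'] == "OK")` still compares loosely and indexes `$resp` without checking that `json_decode()` produced an array, so a malformed or non-JSON body reaches the array access, and on PHP versions before 8 a numeric `0` status would compare equal to "OK". The new `=== true` on the following line keeps the authorization result fail-closed either way, so this is hardening rather than a live bypass: `if (is_array($resp) && isset($resp['status'], $resp['managerof']) && $resp['status'] === "OK") {`. The retained comment "just fake it" no longer describes the else branch; something like `// Fail closed: any non-OK response means "not a manager".` would match the new behaviour. The body of isManagerOf() starts above the hunk, so how a failed HTTP request is handled is not visible here.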