diff --git a/action.php b/action.php
index f3442c0..b53e41d 100644
--- a/action.php
+++ b/action.php
@@ -140,7 +140,9 @@ switch ($VARS['action']) {
 die(json_encode(["status" => "ERROR", "msg" => lang("invalid tileid", false)]));
 }
- if ($database->get("publications", 'uid', ['pubid' => $VARS['pubid']]) != $_SESSION['uid']) {
+ $pubid = $database->get("tiles", "pubid", ['tileid' => $VARS['tileid']]);
+
+ if ($database->get("publications", 'uid', ['pubid' => $pubid]) != $_SESSION['uid']) {
 die(json_encode(["status" => "ERROR", "msg" => lang("no permission", false)]));
 }
diff --git a/database.mwb b/database.mwb
index 54dd5ee..7954784 100644
Binary files a/database.mwb and b/database.mwb differ
diff --git a/lib/gencontent.php b/lib/gencontent.php
index 3d35a8d..2603096 100644
--- a/lib/gencontent.php
+++ b/lib/gencontent.php
@@ -34,9 +34,24 @@ if (defined("EDIT_MODE") && EDIT_MODE == true) {
 }
 ?>
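Review bot: The ownership test on the new `if` line in action.php still compares with a loose `!=`, so a lookup that finds no row can pass the check. If `get()` returns a null or false value for a tile with no publication, and `$_SESSION['uid']` is unset or `0`, the two falsy values compare equal and the "no permission" branch is skipped. I would fetch the owner into a variable and fail closed, e.g. `$owner = $database->get("publications", 'uid', ['pubid' => $pubid]);` followed by `if (!$pubid || !$owner || (string) $owner !== (string) $_SESSION['uid']) {`, assuming ids are never 0. The rest of this `case` lies outside the hunk; any later statement there that still reads `$VARS['pubid']` should use the server-derived `$pubid` instead, otherwise the check and the write can refer to different publications.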