From ce8e0fb4e34058130c0ff0edd88caaf52c0b4ca9 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Wed, 3 Jan 2018 21:55:48 -0700
Subject: [PATCH] Improve isManagerOf() error handling to prevent possible security bug
---
 lib/userinfo.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/userinfo.php b/lib/userinfo.php
index 7db54c5..22f41ac 100644
--- a/lib/userinfo.php
+++ b/lib/userinfo.php
@@ -1,4 +1,5 @@ getBody(), TRUE);
 if ($resp['status'] == "OK") {
- return $resp['managerof'];
+ return $resp['managerof'] === true;
 } else { // this shouldn't happen, but in case it does just fake it.
- return ["name" => $u, "username" => $u, "uid" => $u];
+ return false;
 }
 }
@@ -119,4 +120,4 @@ function getManagedUIDs($manageruid) {
 } else {
 return [];
 }
-}
\ No newline at end of file
+}
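Review bot: In lib/userinfo.php, the unchanged comment above the new `return false;` in isManagerOf() still says "just fake it", which no longer describes the code now that an unexpected login-server response is answered with "not a manager"; I would reword it to `// Unexpected response from the login server: fail closed and report no manager relationship.` The new `$resp['managerof'] === true` also reads array offsets without first checking that `json_decode()` returned an array carrying them, so a malformed body is left to PHP's handling of missing offsets instead of an explicit check. Writing the condition as `is_array($resp) && ($resp['status'] ?? null) == "OK"` and the result as `($resp['managerof'] ?? false) === true` would make the deny path deliberate. Logging the unexpected response in the else branch would let operators tell an upstream failure apart from a genuine negative answer. The start of isManagerOf() is not visible in the patch as shown.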