Commit 02ae18d6 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge "Double-check the viewid when setting up watchlist viewing (Bug 1429647)" into 1.9_STABLE

parents 91f15848 900003c5
......@@ -156,7 +156,9 @@ addLoadEvent(function () {
artefactid = null;
}
sendjsonrequest(config.wwwroot + 'view/togglewatchlist.json.php', {'view': viewid, 'artefact': artefactid}, 'POST', function(data) {
if (data.newtext) {
$('toggle_watchlist_link').innerHTML = data.newtext;
}
});
});
}
......
......@@ -25,6 +25,12 @@ $data->ctime = db_format_timestamp(time());
$result = new StdClass;
require_once(get_config('libroot') . 'view.php');
$view = new View($viewid);
// Check that we can actually access the view and not just hacking the viewid passed in
if (!can_view_view($view)) {
$result->message = get_string('updatewatchlistfailed', 'view');
json_reply('local', $result);
}
$title = $view->get('title');
if (get_record('usr_watchlist_view', 'usr', $data->usr, 'view', $viewid)) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment