Commit e3d8176a authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review

Merge "Double-check the viewid when setting up watchlist viewing (Bug 1429647)"

parents 9528f451 ac25a2ba
......@@ -162,7 +162,9 @@ addLoadEvent(function () {
artefactid = null;
}
sendjsonrequest(config.wwwroot + 'view/togglewatchlist.json.php', {'view': viewid, 'artefact': artefactid}, 'POST', function(data) {
$('toggle_watchlist_link').innerHTML = data.newtext;
if (data.newtext) {
$('toggle_watchlist_link').innerHTML = data.newtext;
}
});
});
}
......@@ -204,4 +206,4 @@ jQuery(function($j) {
}
});
});
});
\ No newline at end of file
});
......@@ -25,6 +25,12 @@ $data->ctime = db_format_timestamp(time());
$result = new StdClass;
require_once(get_config('libroot') . 'view.php');
$view = new View($viewid);
// Check that we can actually access the view and not just hacking the viewid passed in
if (!can_view_view($view)) {
$result->message = get_string('updatewatchlistfailed', 'view');
json_reply('local', $result);
}
$title = $view->get('title');
if (get_record('usr_watchlist_view', 'usr', $data->usr, 'view', $viewid)) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment