edit restrict

12 years ago · 9494bf6378
parent 67191b3a54
commit 9494bf6378
1 changed files with 1 additions and 1 deletions
--- a/src/webserver.js
+++ b/src/webserver.js
@ -419,7 +419,7 @@ passport.deserializeUser(function(uid, done) {

 	app.get('/users/:uid/edit', function(req, res){
 		
-		if(req.user && req.params.uid)
+		if(req.user && req.params.uid && req.user.uid === req.params.uid)
 			res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
 		else
 			return res.redirect('/403');