From 9494bf637844224ff258f2e1861fa727d0fe9f9f Mon Sep 17 00:00:00 2001
From: Baris Usakli
Date: Wed, 8 May 2013 14:20:57 -0400
Subject: [PATCH] edit restrict
---
 src/webserver.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/webserver.js b/src/webserver.js
index c4c41c39d1..fbcd7fe16b 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -419,7 +419,7 @@ passport.deserializeUser(function(uid, done) {
 app.get('/users/:uid/edit', function(req, res){
- if(req.user && req.params.uid)
+ if(req.user && req.params.uid && req.user.uid === req.params.uid)
 res.send(templates['header'] + create_route('users/'+req.params.uid+'/edit','accountedit') + templates['footer']);
 else
 return res.redirect('/403');
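Review bot: The new ownership test in the `/users/:uid/edit` handler compares `req.user.uid` with `req.params.uid` using `===`, and Express route params are always strings, so if `deserializeUser` (its body is outside this hunk) yields a numeric uid, the account owner is redirected to `/403` too. Normalising one side, e.g. `String(req.user.uid) === req.params.uid`, keeps the comparison strict without depending on the stored type. The check also gates only the rendering of the `accountedit` page shell, so whichever endpoint actually persists the profile changes needs the same server-side comparison, otherwise the restriction is cosmetic. A short comment such as `// only the account owner may open the edit page` above the `if` would record the intent; the handler's closing lines are outside the hunk.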