cyberpresidentvanellope/Aurora.3
1
0
Fork 0
mirror of https://github.com/Aurorastation/Aurora.3.git synced 2026-01-05 23:11:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixes ticket security issue (#4398)

Browse Source 
Turns out, ticket panels are updated for everyone if anyone presses specific buttons. At which point, the usr may as well be an admin, and this will then give access to all the tickets for everyone. So i fix it.
This commit is contained in:
Erki
2018-03-12 10:00:28 +02:00
committed by GitHub
parent 5c230d4e2a
commit 8607bd3e1f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
code/modules/admin/ticket.dm
View File

@@ -106,7 +106,7 @@ proc/get_open_ticket_by_ckey(var/owner)
var/list/dat = list()
var/valid_holder = check_rights(R_MOD|R_ADMIN, FALSE)
var/valid_holder = check_rights(R_MOD|R_ADMIN, FALSE, ticket_panel_window.user)
var/list/ticket_dat = list()
for(var/id = tickets.len, id >= 1, id--)