Username and origin ID matching check on app sharing.

nthnn · Jul 25, 2024 · 1a7e1c5 · 1a7e1c5
1 parent a15acae
commit 1a7e1c5
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/controller/apps.php b/controller/apps.php
@@ -333,6 +333,17 @@ public static function shareApp($originId, $username, $password, $appKey, $appId
         }
 
         global $db_conn;
+        $res = mysqli_query(
+            $db_conn,
+            "SELECT * FROM accounts WHERE id=".$originId." AND username=\"".$username."\""
+        );
+
+        if(mysqli_num_rows($res) != 1) {
+            Response::failedMessage("Account must be the same with the application owner.");
+            return;
+        }
+        freeDBQuery($res);
+
         $res = mysqli_query(
             $db_conn,
             "SELECT * FROM accounts WHERE id=".$originId." AND email=\"".$email."\""