HomePhabricator

[SECURITY] Don't allow spoofing the user in profile visibility API module

Authored by ashley on Mar 24 2020, 11:41 PM.

Description

[SECURITY] Don't allow spoofing the user in profile visibility API module

Since only registered users have a social profile and thus only registered users can set
some of their profile fields to have a limited visibility, require the user to be logged
in and only allow them to change their own profile, not anyone else's.

Bug: T248385
Change-Id: I298cca3fdc4adbbdeb7d3c8838523c77a2a1a451

Details

Committed
ashleyMar 24 2020, 11:41 PM
Parents
rESPR0d2711697bc1: UserRelationship: fix E_NOTICE about undefined property
Branches
Unknown
Tags
Unknown
ChangeId
I298cca3fdc4adbbdeb7d3c8838523c77a2a1a451