mirror/snipe-it
3
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2026-02-05 20:35:31 +00:00
Code Issues Projects Releases Wiki Activity

Fix access control - https://huntr.dev/bounties/19453ef1-4d77-4cff-b7e8-1bc8f3af0862/

Browse Source
This commit is contained in:
Haxatron
2021-12-09 12:57:04 +08:00
committed by GitHub
parent 86afe6c4b1
commit 918e7c8dae
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Http/Controllers/AssetModelsController.php
View File

@ -269,6 +269,7 @@ class AssetModelsController extends Controller
*/
public function getClone($modelId = null)
{
$this->authorize('view', AssetModel::class);
// Check if the model exists
if (is_null($model_to_clone = AssetModel::find($modelId))) {
return redirect()->route('models.index')->with('error', trans('admin/models/message.does_not_exist'));