diff options
| author | George Goldberg <george@gberg.me> | 2018-07-31 19:13:44 +0100 |
|---|---|---|
| committer | Harrison Healey <harrisonmhealey@gmail.com> | 2018-07-31 14:13:44 -0400 |
| commit | a6c364822a9d64d416ca5868502ac32a7eb94435 (patch) | |
| tree | 9a0c271e6b3463434d7e1e4b28a2b77aaa16c5fa /api4 | |
| parent | 82dfe9e61df90c9eb6c6540ca6d82b328661b652 (diff) | |
| download | chat-a6c364822a9d64d416ca5868502ac32a7eb94435.tar.gz chat-a6c364822a9d64d416ca5868502ac32a7eb94435.tar.bz2 chat-a6c364822a9d64d416ca5868502ac32a7eb94435.zip | |
MM-11516: Check channel ID in URL param and Body are same. (#9185)
Diffstat (limited to 'api4')
| -rw-r--r-- | api4/channel.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/api4/channel.go b/api4/channel.go index 0b8470975..f21b45d56 100644 --- a/api4/channel.go +++ b/api4/channel.go @@ -90,6 +90,12 @@ func updateChannel(c *Context, w http.ResponseWriter, r *http.Request) { return } + // The channel being updated in the payload must be the same one as indicated in the URL. + if channel.Id != c.Params.ChannelId { + c.SetInvalidParam("channel_id") + return + } + var oldChannel *model.Channel var err *model.AppError if oldChannel, err = c.App.GetChannel(channel.Id); err != nil { |