From 4f7468644732c5b23bee9b98b0337d83ee56e015 Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Fri, 10 Apr 2020 18:04:02 +0200
Subject: [PATCH] FEAT #13441 TIME 0:05 Template check id

---
 src/app/template/controllers/TemplateController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/template/controllers/TemplateController.php b/src/app/template/controllers/TemplateController.php
index 752eb85a95e..0caa7628213 100755
--- a/src/app/template/controllers/TemplateController.php
+++ b/src/app/template/controllers/TemplateController.php
@@ -282,7 +282,7 @@ class TemplateController
 
     public function getContentById(Request $request, Response $response, array $aArgs)
     {
-        if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_templates', 'userId' => $GLOBALS['id']])) {
+        if (!Validator::intVal()->validate($aArgs['id']) || !PrivilegeController::hasPrivilege(['privilegeId' => 'admin_templates', 'userId' => $GLOBALS['id']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Service forbidden']);
         }
 
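Review bot: A non-integer `id` now takes the same branch as a missing `admin_templates` privilege in `getContentById` and is answered with 403 'Service forbidden', so a malformed request cannot be told apart from an authorization failure by the client or by any monitoring keyed on the status code. I would leave the original privilege check as the first guard, so unprivileged callers learn nothing about argument handling, and follow it with a separate guard such as `if (!Validator::intVal()->validate($aArgs['id'])) { return $response->withStatus(400)->withJson(['errors' => 'Route id is not an integer']); }`. The diffstat shows a single changed line, so `Validator` must already be imported at the top of the file; that is not visible here and is worth confirming. The rest of the method body lies outside the hunk, so how `$aArgs['id']` is used after the guard cannot be checked from this patch.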
-- 
GitLab