fix a user_can security problem

2026-04-10 10:20:52 +08:00 · 2023-05-07 04:10:08 +08:00
parent d09e57a09f
commit 72f260c76a
1 changed files with 1 additions and 1 deletions
--- a/include/globalfunctions.php
+++ b/include/globalfunctions.php
@@ -1088,7 +1088,7 @@ function user_can($permission, $fail = false, $uid = 0): bool
        $uid = get_user_id();
        $log .= ", set current uid: $uid";
    }
-    if ($uid <= 0) {
+    if (!$fail && $uid <= 0) {
        do_log("$log, unauthenticated, false");
        return false;
    }