From a40362564fa659ffa92d9ad9bd0ca164b592ff55 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 16 Dec 2020 14:11:43 +0100
Subject: [locations] Avoid potentially duplicate ids in ajax fragments

---
 modules-available/locations/pages/details.inc.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'modules-available/locations/pages')

diff --git a/modules-available/locations/pages/details.inc.php b/modules-available/locations/pages/details.inc.php
index aa279570..2f444157 100644
--- a/modules-available/locations/pages/details.inc.php
+++ b/modules-available/locations/pages/details.inc.php
@@ -33,15 +33,16 @@ class SubPage
 		return false;
 	}
 
-	private static function updateOpeningTimes() {
-		$openingTimes = Request::post('openingtimes', '', 'string');
-		$locationid = Request::post('locationid', false, 'int');
+	private static function updateOpeningTimes()
+	{
+		$openingTimes = Request::post('openingtimes', Request::REQUIRED, 'string');
+		$locationid = Request::post('locationid', Request::REQUIRED, 'int');
 		$wol = Request::post('wol', false, 'bool');
 		$woloffset = Request::post('wol-offset', 0, 'int');
 		$sd = Request::post('sd', false, 'bool');
 		$sdoffset = Request::post('sd-offset', 0, 'int');
 
-		User::assertPermission('location.edit', $locationid);
+		User::assertPermission('location.edit.*', $locationid); // TODO: Introduce permission
 
 		// Construct opening-times for database
 		if ($openingTimes !== '') {
@@ -109,8 +110,6 @@ class SubPage
 				Scheduler::deleteSchedule($locationid, 'sd');
 			}
 		}
-
-		return true;
 	}
 
 	private static function getTime($str)
-- 
cgit v1.2.3-55-g7522