using System;
using System.Web.UI;
class EditComment : System.Web.UI.Page {

    // BAD - Any user can access this method.
    // The comment selected by the "Id" query-string value is modified
    // without any check that the current user is allowed to edit it.
    protected void btn1_Click(object sender, EventArgs e) {
        var requestedId = Request.QueryString["Id"];
        var target = getCommentById(requestedId);
        target.Text = "xyz";
    }

    // GOOD - The user ID is verified.
    // The edit is applied only when the comment's author name matches
    // the authenticated user's identity name (ordinal comparison, the
    // same semantics as string ==).
    protected void btn2_Click(object sender, EventArgs e) {
        var requestedId = Request.QueryString["Id"];
        var target = getCommentById(requestedId);
        var isAuthor = string.Equals(target.AuthorName, User.Identity.Name, StringComparison.Ordinal);
        if (!isAuthor) {
            return;
        }
        target.Text = "xyz";
    }

    // Minimal comment model used by the click handlers above.
    class Comment {
        public string Text { get; set; }
        public string AuthorName { get; }
    }

    // Placeholder lookup for the example; always returns null here.
    Comment getCommentById(string id) { return null; }
}