Anyone can delete pm.
Good job, but…
You should check if the user is in “from_user” or “to_user”,
otherwise anyone can delete messages. String:
https://site.com/page-with-shortcode/?pmaction=deletemessage&id=1
You could try something like this:
$cuid = get_current_user_id();
$from_user = query...
$to_user = query...
// Allow the delete only when the current user is the sender or a recipient.
$is_sender = is_array($from_user) && in_array($cuid, $from_user);
$is_recipient = is_array($to_user) && in_array($cuid, $to_user);
if (!$is_sender && !$is_recipient) {
    die('NO');
}
....
Anyway, thanks a lot.
Frankie.
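The ownership check suggested in the post above, as an added example that is not part of the original post and is not the plugin's own code. The `$messages` array, its `from_user`/`to_user` layout, the status codes and the function name `pm_delete_status` are assumptions made for illustration; the `id` value is treated as the raw request parameter from the `pmaction=deletemessage` URL.

```php
<?php
// Constructed sample data standing in for the plugin's message table (hypothetical schema).
$messages = [
    1 => ['from_user' => '7',  'to_user' => '12'],
    2 => ['from_user' => '12', 'to_user' => '30'],
];

/**
 * Decide whether $current_user_id may delete the message named by $raw_id.
 * Returns 200 (allow), 400 (bad id), 401 (not logged in) or 404 (missing or not a participant).
 */
function pm_delete_status(array $messages, int $current_user_id, $raw_id): int
{
    // get_current_user_id() returns 0 for visitors who are not logged in.
    if ($current_user_id <= 0) {
        return 401;
    }
    // Accept only a plain positive integer; arrays and strings like "1 OR 1=1" are rejected.
    if (!is_string($raw_id) || !ctype_digit($raw_id) || (int) $raw_id < 1) {
        return 400;
    }
    $message = $messages[(int) $raw_id] ?? null;
    if ($message === null) {
        return 404;
    }
    // Database rows usually return IDs as strings: cast, then compare strictly.
    $participants = [(int) $message['from_user'], (int) $message['to_user']];
    if (!in_array($current_user_id, $participants, true)) {
        // Same answer as "missing", so message IDs cannot be enumerated by other users.
        return 404;
    }
    return 200;
}

// Constructed requests: [current user ID, raw "id" parameter].
$requests = [[7, '1'], [12, '1'], [30, '1'], [0, '1'], [7, '999'], [7, '1 OR 1=1'], [7, ['1']]];
foreach ($requests as [$uid, $id]) {
    printf("user=%d id=%s -> %d\n", $uid, json_encode($id), pm_delete_status($messages, $uid, $id));
}
```

Only the sender and the recipient of message 1 are allowed through; the delete itself would run only after this function returns 200.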
Viewing 3 replies - 1 through 3 (of 3 total)
- The topic ‘Anyone can delete pm.’ is closed to new replies.