From fd8b2e6e4e8a95b75d7c59315c3e6622df1f7c2e Mon Sep 17 00:00:00 2001
From: = <=>
Date: Fri, 27 Feb 2026 08:03:17 +0000
Subject: [PATCH] =?UTF-8?q?securit=C3=A9=20addedit?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 controllers/project_controller.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/controllers/project_controller.php b/controllers/project_controller.php
index 08c2bcc..7dd930f 100644
--- a/controllers/project_controller.php
+++ b/controllers/project_controller.php
@@ -129,6 +129,10 @@
 // Dans la cas de modif
 if (isset($_GET['id'])){
 $arrProject = $objProjectModel->findOne($_GET['id']);
+ if($_SESSION['user']['user_id'] != $arrProject['project_user_id']){
+ header("Location:index.php?ctrl=error&action=error_403");
+ exit;
+ }
 $objProject->hydrate($arrProject); // BDD
 $this->_arrData['arrImages'] = $objProjectModel->getImagesByProjectId($objProject->getId());
 }
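Review bot: The ownership check added after `findOne($_GET['id'])` can fail open, because it uses loose `!=` and handles neither a missing row nor a missing session user. If `findOne()` returns nothing for an unknown id and `$_SESSION['user']` is unset, both sides evaluate to null and the comparison passes; the same happens for a project whose `project_user_id` is NULL or 0. I would deny by default and compare strictly: `if (empty($arrProject) || !isset($_SESSION['user']['user_id']) || (int) $_SESSION['user']['user_id'] !== (int) $arrProject['project_user_id']) {`. The enclosing method starts and ends outside the hunk, so a login check may already exist earlier. It is also worth confirming that the save path for the submitted form enforces the same ownership rule, since this guard only covers loading the record for display.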