From 15bccd650ea2236ba2ca7296a9c76bfb51208d5a Mon Sep 17 00:00:00 2001
From: Anton Tananaev <anton.tananaev@gmail.com>
Date: Fri, 4 Sep 2015 10:01:55 +1200
Subject: Security check for adding device

---
 src/org/traccar/web/DeviceServlet.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/org/traccar/web/DeviceServlet.java b/src/org/traccar/web/DeviceServlet.java
index 6b65efa8b..f091be1af 100644
--- a/src/org/traccar/web/DeviceServlet.java
+++ b/src/org/traccar/web/DeviceServlet.java
@@ -51,8 +51,9 @@ public class DeviceServlet extends BaseServlet {
     
     private void add(HttpServletRequest req, HttpServletResponse resp) throws Exception {
         Device device = JsonConverter.objectFromJson(req.getReader(), new Device());
+        long userId = getUserId(req);
         Context.getDataManager().addDevice(device);
-        Context.getDataManager().linkDevice(getUserId(req), device.getId());
+        Context.getDataManager().linkDevice(userId, device.getId());
         Context.getPermissionsManager().refresh();
         sendResponse(resp.getWriter(), JsonConverter.objectToJson(device));
     }
-- 
cgit v1.2.3