From 197758f2bcf4194422fe112d8ff3c5a9fd2ed192 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio <juan@verdnatura.es>
Date: Sun, 26 Feb 2023 02:12:45 +0100
Subject: [PATCH] refs #4253 supplant security code uncommented

---
 rest/client/supplant.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rest/client/supplant.php b/rest/client/supplant.php
index 87715601..4ef83402 100644
--- a/rest/client/supplant.php
+++ b/rest/client/supplant.php
@@ -10,7 +10,7 @@ class Supplant extends Vn\Web\JsonRequest {
 			'SELECT id FROM account.user WHERE `name` = #',
 			[$_REQUEST['supplantUser']]
 		);
-/*
+
 		$isClient = $db->getValue(
 			'SELECT COUNT(*) > 0 FROM vn.client WHERE id = #',
 			[$userId]
@@ -24,7 +24,7 @@ class Supplant extends Vn\Web\JsonRequest {
 		);
 		if ($hasAccount)
 			throw new Web\ForbiddenException(s('The user is not impersonable'));
-*/
+
 		return $this->service->createToken($_REQUEST['supplantUser']);
 	}
 }