More on SQL Injection

Finding lots of this lately, including this and this, so check them out to make sure you're not vulnerable.

First real issue - Updated

Well I found the problem, and now it’s working fine. It was due to a faulty IF statement using a defunct variable name - one of the hazards of copy and paste! I will have to find out how to turn on the feature (explicit variable names?) that throws this up as an error to worm out this type of thing in the future.

This has highlighted another problem though: if an item is listed in your My Media section then it can be deleted, i.e. there is no check in the form parser that you are the owner.
I'll add some additional checks also, so that items can't be deleted while they are loaned out, and so that any outstanding requests for a deleted item are rejected.

Well this one small bug has certainly given me plenty to do!

First real issue

Thanks to a friend I proved the first real bug in the app today, where items not belonging to yourself may be listed in the My Media section.

This should be an interesting one to get to the bottom of!

Stay tuned for the diagnosis of Bug 1.
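As an added example (not code from the app itself, whose language and schema are not shown on this page), here are the two bugs described on this page and the checks planned in the update above, written in Python against an in-memory SQLite database. The table and column names (`media`, `owner_id`, `loaned_to`, `requests`) are assumptions, as is the sample data. The listing bug is reproduced as a query with no owner filter; the fixed delete handler checks ownership, refuses items that are on loan, rejects outstanding requests and performs the delete inside one transaction, with every value bound as a placeholder rather than concatenated into the SQL.

```python
import sqlite3

# Constructed schema for a hypothetical media-loan app; names are assumptions.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE media (
    id        INTEGER PRIMARY KEY,
    owner_id  INTEGER NOT NULL REFERENCES users(id),
    title     TEXT NOT NULL,
    loaned_to INTEGER REFERENCES users(id)        -- NULL when the item is at home
);
CREATE TABLE requests (
    id           INTEGER PRIMARY KEY,
    media_id     INTEGER NOT NULL,
    requester_id INTEGER NOT NULL REFERENCES users(id),
    status       TEXT NOT NULL DEFAULT 'pending'  -- pending / accepted / rejected
);
"""


def build_sample_db():
    """Constructed sample data: two users, three items, one open request."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    conn.executemany("INSERT INTO media VALUES (?, ?, ?, ?)", [
        (10, 1, "Alice's DVD", None),   # alice's, at home
        (11, 1, "Alice's book", 2),     # alice's, currently loaned to bob
        (20, 2, "Bob's CD", None),      # bob's
    ])
    conn.execute("INSERT INTO requests VALUES (1, 10, 2, 'pending')")  # bob wants item 10
    conn.commit()
    return conn


def list_my_media_buggy(conn, user_id):
    """Bug 1 as described: no owner filter, so everyone's items appear
    under My Media whoever is logged in (user_id is never used)."""
    return [row[0] for row in conn.execute("SELECT id FROM media ORDER BY id")]


def list_my_media(conn, user_id):
    """Fixed listing: the owner comes from the session, not the form, and is
    bound with a placeholder so it cannot be used for SQL injection."""
    rows = conn.execute("SELECT id FROM media WHERE owner_id = ? ORDER BY id", (user_id,))
    return [row[0] for row in rows]


def delete_item(conn, user_id, item_id):
    """Delete handler with the planned checks. Returns 'deleted', 'not_found'
    or 'on_loan'. Everything runs in one transaction so a loan or request
    cannot slip in between the check and the delete."""
    with conn:  # commits on success, rolls back if anything below raises
        row = conn.execute(
            "SELECT owner_id, loaned_to FROM media WHERE id = ?", (item_id,)
        ).fetchone()
        # Same answer for "no such item" and "not your item", so the handler
        # does not confirm which item ids exist.
        if row is None or row[0] != user_id:
            return "not_found"
        if row[1] is not None:
            return "on_loan"
        # Outstanding requests for the item are rejected rather than orphaned.
        conn.execute(
            "UPDATE requests SET status = 'rejected' WHERE media_id = ? AND status = 'pending'",
            (item_id,),
        )
        # The WHERE clause repeats the conditions so the row only goes if it
        # still satisfies them at delete time; otherwise roll everything back.
        cur = conn.execute(
            "DELETE FROM media WHERE id = ? AND owner_id = ? AND loaned_to IS NULL",
            (item_id, user_id),
        )
        if cur.rowcount != 1:
            raise RuntimeError("item changed during delete")
        return "deleted"


def request_statuses(conn, item_id):
    """Statuses of all requests for an item, to check the side effect."""
    rows = conn.execute("SELECT status FROM requests WHERE media_id = ? ORDER BY id", (item_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_sample_db()
    print("buggy listing for alice:", list_my_media_buggy(db, 1))
    print("fixed listing for alice:", list_my_media(db, 1))
    print("bob deleting alice's DVD:", delete_item(db, 2, 10))
    print("alice deleting loaned book:", delete_item(db, 1, 11))
    print("alice deleting her DVD:", delete_item(db, 1, 10))
    print("requests for the DVD:", request_statuses(db, 10))
```

The point of repeating `owner_id = ?` in the `DELETE` itself, rather than relying only on the earlier `SELECT`, is that the database then enforces ownership even if a future edit to the handler loses the check, which is exactly the kind of copy-and-paste slip the update describes.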