[geeklog-cvs] geeklog-1.3/system/classes search.class.php,1.8,1.9

geeklog-cvs-admin at lists.geeklog.net geeklog-cvs-admin at lists.geeklog.net
Wed Jul 23 13:13:53 EDT 2003 

Update of /usr/cvs/geeklog/geeklog-1.3/system/classes
In directory internal.geeklog.net:/tmp/cvs-serv22954

Modified Files:
	search.class.php 
Log Message:
Fix to disallow access to the extended search for anonymous users (as in pre-1.3.8 search).


Index: search.class.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/system/classes/search.class.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** search.class.php	20 Jul 2003 16:03:19 -0000	1.8
--- search.class.php	23 Jul 2003 17:13:51 -0000	1.9
***************
*** 808,812 ****
      {
          global $_USER, $_CONF;
!         
          if (empty($_USER['username']) AND (($_CONF['loginrequired'] == 1) OR ($_CONF['searchloginrequired'] == 2))) {
              return false;
--- 808,812 ----
      {
          global $_USER, $_CONF;
! 
          if (empty($_USER['username']) AND (($_CONF['loginrequired'] == 1) OR ($_CONF['searchloginrequired'] == 2))) {
              return false;
***************
*** 819,823 ****
          return true;
      }
!     
      function _getSummary($query,$fullText)
      {
--- 819,846 ----
          return true;
      }
! 
!     /**
!     * Determines if user is allowed to use the search form
!     *
!     * Geeklog has a number of settings that may prevent
!     * the access anonymous users have to the search engine.
!     * This performs those checks
!     *
!     * @author Dirk Haun <Dirk AT haun-online DOT de>
!     * @access private
!     * @return boolean True if form usage is allowed, otherwise false
!     *
!     */
!     function _isFormAllowed ()
!     {
!         global $_USER, $_CONF;
! 
!         if (empty($_USER['username']) AND (($_CONF['loginrequired'] == 1) OR ($_CONF['searchloginrequired'] >= 1))) {
!             return false;
!         }
! 
!         return true;
!     }
! 
      function _getSummary($query,$fullText)
      {
***************
*** 892,895 ****
--- 915,923 ----
      {
          global $_TABLES, $LANG09, $_CONF;
+ 
+         // Verify current user my use the search form
+         if (!$this->_isFormAllowed()) {
+             return $this->_getAccessDeniedMessage();
+         }
  
          $retval .= COM_startBlock($LANG09[1],'advancedsearch.html');

More information about the geeklog-cvs mailing list