[geeklog-cvs] Geeklog-1.x/system/classes story.class.php, 1.19, 1.20
Dirk Haun
dhaun at qs1489.pair.com
Thu Jan 3 13:55:48 EST 2008
Update of /cvsroot/geeklog/Geeklog-1.x/system/classes
In directory qs1489.pair.com:/tmp/cvs-serv9179/system/classes
Modified Files:
story.class.php
Log Message:
Use of wrong variable results in denial of edit permissions - unless you're a member of the Root group ...
Index: story.class.php
===================================================================
RCS file: /cvsroot/geeklog/Geeklog-1.x/system/classes/story.class.php,v
retrieving revision 1.19
retrieving revision 1.20
diff -C2 -d -r1.19 -r1.20
*** story.class.php 22 Dec 2007 14:38:30 -0000 1.19
--- story.class.php 3 Jan 2008 18:55:45 -0000 1.20
***************
*** 9,13 ****
// | Geeklog Story Abstraction. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2006-2007 by the following authors: |
// | |
// | Authors: Michael Jervis, mike AT fuckingbrit DOT com |
--- 9,13 ----
// | Geeklog Story Abstraction. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2006-2008 by the following authors: |
// | |
// | Authors: Michael Jervis, mike AT fuckingbrit DOT com |
***************
*** 684,689 ****
$article = DB_fetchArray($result);
/* Check Security */
! if (SEC_hasAccess($result['owner_id'], $result['group_id'], $result['perm_owner'], $result['perm_group'],
! $result['perm_members'], $result['perm_anon']) < 3) {
return STORY_EXISTING_NO_EDIT_PERMISSION;
}
--- 684,690 ----
$article = DB_fetchArray($result);
/* Check Security */
! if (SEC_hasAccess($article['owner_id'], $article['group_id'],
! $article['perm_owner'], $article['perm_group'],
! $article['perm_members'], $article['perm_anon']) < 3) {
return STORY_EXISTING_NO_EDIT_PERMISSION;
}
More information about the geeklog-cvs
mailing list