[geeklog-cvs] geeklog: Check story permissions when emailing a story
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Thu Jul 30 13:45:42 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5c4b872f98ef
changeset: 7205:5c4b872f98ef
user: Dirk Haun <dirk at haun-online.de>
date: Wed Jul 29 13:30:25 2009 +0200
description:
Check story permissions when emailing a story
diffstat:
public_html/profiles.php | 18 ++++++++++++++----
1 files changed, 14 insertions(+), 4 deletions(-)
diffs (42 lines):
diff -r 463a2608020a -r 5c4b872f98ef public_html/profiles.php
--- a/public_html/profiles.php Wed Jul 29 13:36:24 2009 +0200
+++ b/public_html/profiles.php Wed Jul 29 13:30:25 2009 +0200
@@ -314,9 +314,13 @@
return $retval;
}
- $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '$sid'";
- $result = DB_query ($sql);
- $A = DB_fetchArray ($result);
+ $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
+ $result = DB_query($sql);
+ if (DB_numRows($result) == 0) {
+ return COM_refresh($_CONF['site_url'] . '/index.php');
+ }
+ $A = DB_fetchArray($result);
+
$shortmsg = COM_stripslashes ($shortmsg);
$mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB;
if (strlen ($shortmsg) > 0) {
@@ -339,7 +343,7 @@
$author = COM_getDisplayName ($A['uid']);
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
- if($A['postmode']==='wikitext'){
+ if ($A['postmode'] === 'wikitext') {
$mailtext .= LB
. COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['introtext'])))).LB.LB
. COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['bodytext'])))).LB.LB
@@ -413,6 +417,12 @@
return $retval;
}
+ $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'));
+ $A = DB_fetchArray($result);
+ if ($A['count'] == 0) {
+ return COM_refresh($_CONF['site_url'] . '/index.php');
+ }
+
if ($msg > 0) {
$retval .= COM_showMessage ($msg);
}
More information about the geeklog-cvs
mailing list