[geeklog-cvs] geeklog: Check story permissions when emailing a story

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Thu Jul 30 13:45:42 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/5c4b872f98ef
changeset: 7205:5c4b872f98ef
user:      Dirk Haun <dirk at haun-online.de>
date:      Wed Jul 29 13:30:25 2009 +0200
description:
Check story permissions when emailing a story

diffstat:

 public_html/profiles.php |  18 ++++++++++++++----
 1 files changed, 14 insertions(+), 4 deletions(-)

diffs (42 lines):

diff -r 463a2608020a -r 5c4b872f98ef public_html/profiles.php
--- a/public_html/profiles.php	Wed Jul 29 13:36:24 2009 +0200
+++ b/public_html/profiles.php	Wed Jul 29 13:30:25 2009 +0200
@@ -314,9 +314,13 @@
         return $retval;
     }
 
-    $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '$sid'";
-    $result = DB_query ($sql);
-    $A = DB_fetchArray ($result);
+    $sql = "SELECT uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND');
+    $result = DB_query($sql);
+    if (DB_numRows($result) == 0) {
+        return COM_refresh($_CONF['site_url'] . '/index.php');
+    }
+    $A = DB_fetchArray($result);
+
     $shortmsg = COM_stripslashes ($shortmsg);
     $mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB;
     if (strlen ($shortmsg) > 0) {
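Review bot: The added WHERE clause on the SELECT checks topic and permission access but not publication state, so a story that passes `COM_getPermSql` yet is still a draft or dated in the future would, as far as this hunk shows, still be rendered into the mail body. If the stories table tracks draft state (Geeklog's `draft_flag`), the query should also require `AND (draft_flag = 0) AND (date <= NOW())` ahead of `COM_getTopicSql('AND')`; the same applies to the `COUNT(*)` query added in the third hunk. The enclosing function starts and ends outside the hunk, so it cannot be confirmed here that `$sid` is filtered before it is placed inside the quoted literal; a one-line comment at the query naming where that filtering happens would help.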
@@ -339,7 +343,7 @@
         $author = COM_getDisplayName ($A['uid']);
         $mailtext .= $LANG01[1] . ' ' . $author . LB;
     }
-    if($A['postmode']==='wikitext'){
+    if ($A['postmode'] === 'wikitext') {
         $mailtext .= LB
             . COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['introtext'])))).LB.LB
             . COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['bodytext'])))).LB.LB
@@ -413,6 +417,12 @@
         return $retval;
     }
 
+    $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'));
+    $A = DB_fetchArray($result);
+    if ($A['count'] == 0) {
+        return COM_refresh($_CONF['site_url'] . '/index.php');
+    }
+
     if ($msg > 0) {
         $retval .= COM_showMessage ($msg);
     }
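Review bot: The access predicate `COM_getTopicSql('AND') . COM_getPermSql('AND')` is now written out twice in this file, here and in the first hunk, so a later tightening of one copy can leave the form and the send path disagreeing about who may mail a story. A small private helper that takes `$sid` and returns whether the current user may see the story, called from both places, would keep the two checks in step. The denial branch treats a missing story and a forbidden one identically, which is a good property; a comment such as `// same redirect for unknown and forbidden sids, so the response does not reveal whether a story exists` would stop someone from "improving" it with a distinct error message. The function body continues outside the hunk.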


