[geeklog-hg] geeklog: Added additional checks to see if user has read access ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat Mar 23 13:24:47 EDT 2013


changeset 9007:ae90c1448a9a
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/ae90c1448a9a
user: Tom <websitemaster at cogeco.net>
date: Sat Mar 23 13:23:38 2013 -0400
description:
Added additional checks to see if user has read access to topic. If not, $topic is set to '' (all topics).

diffstat:

 public_html/lib-common.php |  14 +++++++++++++-
 system/lib-topic.php       |  15 ++++++++++++++-
 2 files changed, 27 insertions(+), 2 deletions(-)

diffs (77 lines):

diff -r e5bd3cd9244a -r ae90c1448a9a public_html/lib-common.php
--- a/public_html/lib-common.php	Sat Mar 23 13:18:23 2013 -0400
+++ b/public_html/lib-common.php	Sat Mar 23 13:23:38 2013 -0400
@@ -220,7 +220,7 @@
 require_once( $_CONF['path_system'] . 'lib-topic.php' );
 
 /**
-* Retrieve new topic or get last topic.
+* Retrieve new topic if found
 *
 */
 
@@ -231,6 +231,12 @@
 } else {
     $topic = '';
 }
+// See if user has access to view topic
+if ($topic != '') {
+    if ($topic != DB_getItem($_TABLES['topics'], 'tid', "tid = '$topic' " . COM_getPermSQL('AND'))) {
+        $topic = '';
+    }
+}
 
 /**
 * This is the block library used to manage blocks.
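Review bot: `$topic` is placed directly inside the quoted SQL literal passed to `DB_getItem()`, and nothing in this hunk shows it being filtered first; the assignment sits above the hunk, so this may already be handled there. The matching check in system/lib-topic.php runs right after `$topic = COM_applyFilter($topic);`, and the same guarantee should be visible here, for example by applying that filter immediately before the lookup. The added comment could state the precondition as well: `// $topic must already be filtered; it is used inside the SQL string below`. The comparison would also be safer as `!==` against a string cast of the result, so the access decision does not depend on loose type juggling.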
@@ -1259,6 +1265,9 @@
     }
     
     // Set last topic session variable
+    if ($topic == TOPIC_ALL_OPTION) {
+        $topic = ''; // Do not save 'all' option. Nothing is the same thing 
+    }
     SESS_setVariable('topic', $topic);
 
     // Call any plugin that may want to include extra Meta tags
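Review bot: The value written by `SESS_setVariable('topic', $topic)` is only normalised for the 'all' option here and is not visibly checked against the user's topic permissions; the identical three lines are added again in the hunk at line 1987. The enclosing function starts outside the hunk, so it cannot be seen whether `$topic` is the global already validated near line 231 or can be set again inside the function. If it can be reassigned locally, the permission lookup added in system/lib-topic.php should run before the session write, since the stored value is later treated as the user's last topic. Either way, the normalise-then-store step would be clearer as one shared helper called from both places than as two copies that can drift apart.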
@@ -1978,6 +1987,9 @@
     }
     
     // Set last topic session variable
+    if ($topic == TOPIC_ALL_OPTION) {
+        $topic = ''; // Do not save 'all' option. Nothing is the same thing 
+    }
     SESS_setVariable('topic', $topic);
 
     // Call any plugin that may want to include extra Meta tags
diff -r e5bd3cd9244a -r ae90c1448a9a system/lib-topic.php
--- a/system/lib-topic.php	Sat Mar 23 13:18:23 2013 -0400
+++ b/system/lib-topic.php	Sat Mar 23 13:23:38 2013 -0400
@@ -36,7 +36,11 @@
 // set to true to enable debug output in error.log
 $_TOPIC_DEBUG = false;
 
-define("TOPIC_ALL_OPTION", 'all');
+// These constants are used by topic assignments table and when the user selects 
+// a topic option. 
+// The global variable $topic should never be one of these. It should be set to
+// either a topic id the user has access to or empty (which means all topics).
+define("TOPIC_ALL_OPTION", 'all'); 
 define("TOPIC_NONE_OPTION", 'none');
 define("TOPIC_HOMEONLY_OPTION", 'homeonly');
 define("TOPIC_SELECTED_OPTION", 'selectedtopics');
@@ -1162,6 +1166,15 @@
     
     // Double check
     $topic = COM_applyFilter($topic);
+    if ($topic == TOPIC_ALL_OPTION) {
+        $topic = ''; // Do not use 'all' option. Nothing is the same thing 
+    }
+    // See if user has access to view topic
+    if ($topic != '') {
+        if ($topic != DB_getItem($_TABLES['topics'], 'tid', "tid = '$topic' " . COM_getPermSQL('AND'))) {
+            $topic = '';
+        }
+    }
     
     // Check and return Previous topic
     if ($topic == '') {
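Review bot: The read-access lookup runs before the `// Check and return Previous topic` branch, so a topic id restored by that branch would be returned without passing the same check, unless the code below the hunk repeats it (the function continues outside the hunk). A remembered topic can outlive a permission change, so the lookup is better applied to the final value just before it is returned. Separately, only `TOPIC_ALL_OPTION` is mapped to `''`, while the new comment on the constants says `$topic` should never be any of them. The other values are rejected only because the lookup finds no such tid, which deserves a comment such as `// other TOPIC_*_OPTION values are dropped by the access check below`.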


