[geeklog-hg] geeklog: Update to changeset 61645d55e776. Fixing template and p...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sat Sep 28 17:53:13 EDT 2013 

changeset 9314:41fd95df6f9e
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/41fd95df6f9e
user: Tom <websitemaster at cogeco.net>
date: Sat Sep 28 17:37:59 2013 -0400
description:
Update to changeset 61645d55e776. Fixing template and php staticpage issues:
- Now template staticpages are not viewable by users without edit permission
- staticpage_content autotag now processes php and autotags on page being retrieved by autotag
- A template staticpage can now display another staticpage (by autotag) that uses it's own template staticpage

diffstat:

 plugins/staticpages/services.inc.php |  8 +-------
 public_html/staticpages/index.php    |  7 +++++++
 2 files changed, 8 insertions(+), 7 deletions(-)

diffs (35 lines):

diff -r 65719c39f72f -r 41fd95df6f9e plugins/staticpages/services.inc.php
--- a/plugins/staticpages/services.inc.php	Sat Sep 28 19:15:27 2013 +0900
+++ b/plugins/staticpages/services.inc.php	Sat Sep 28 17:37:59 2013 -0400
@@ -692,13 +692,7 @@
             if (! empty($perms)) {
                 $perms .= ' AND';
             }
-            if (isset($args['template'])) {
-                // Allow the viewing of a template since it is being retrieved by another staticpage
-                $perms .= '(draft_flag = 0)';
-            } else {
-                // Usually normal user cannot view staticpage that is a draft or template 
-                $perms .= '(draft_flag = 0) AND (template_flag = 0)';
-            } 
+            $perms .= '(draft_flag = 0)';
         }
         if (! empty($perms)) {
             $perms = ' AND ' . $perms;
diff -r 65719c39f72f -r 41fd95df6f9e public_html/staticpages/index.php
--- a/public_html/staticpages/index.php	Sat Sep 28 19:15:27 2013 +0900
+++ b/public_html/staticpages/index.php	Sat Sep 28 17:37:59 2013 -0400
@@ -90,6 +90,13 @@
     }
 }
 
+    
+// Cannot view template staticpages directly. If template staticpage bail here if user doesn't have edit rights
+if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '$page'") == 1) {
+    COM_handle404();
+    exit;
+}
+
 $retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
 
 if ($display_mode == 'print') {

More information about the geeklog-cvs mailing list