[geeklog-hg] geeklog: Fix for changeset 41fd95df6f9e
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Sep 29 10:37:04 EDT 2013
changeset 9316:23d35a6e0bcd
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/23d35a6e0bcd
user: Tom <websitemaster at cogeco.net>
date: Sun Sep 29 10:34:14 2013 -0400
description:
Fix for changeset 41fd95df6f9e
diffstat:
public_html/staticpages/index.php | 20 ++++++++++++++++----
1 files changed, 16 insertions(+), 4 deletions(-)
diffs (31 lines):
diff -r ee410d72cb59 -r 23d35a6e0bcd public_html/staticpages/index.php
--- a/public_html/staticpages/index.php Sat Sep 28 20:34:29 2013 -0400
+++ b/public_html/staticpages/index.php Sun Sep 29 10:34:14 2013 -0400
@@ -90,11 +90,23 @@
}
}
-
-// Cannot view template staticpages directly. If template staticpage bail here if user doesn't have edit rights
+// Handle just template staticpage security here, rest done in services.
+// Cannot view template staticpages directly. If template staticpage bail here
+// if user doesn't have edit rights.
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '$page'") == 1) {
- COM_handle404();
- exit;
+ if (SEC_hasRights('staticpages.edit')) {
+ $perms = SP_getPerms('', '3');
+ if (!empty($perms)) {
+ $perms = ' AND ' . $perms;
+ }
+ if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '$page'" . $perms) == '') {
+ COM_handle404();
+ exit;
+ }
+ } else {
+ COM_handle404();
+ exit;
+ }
}
$retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
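Review bot: The new template check denies access through two separate `COM_handle404(); exit;` branches (the inner permission lookup and the outer `else`), so a later edit to one of them can leave the other path open without anyone noticing. A single deny-by-default flag that is only set when both the `staticpages.edit` right and the `SP_getPerms` lookup succeed would keep the behaviour and make the fail-closed intent explicit. Both `DB_getItem` calls also interpolate `$page` straight into the WHERE clause; where `$page` is assigned and filtered lies outside this hunk, so it is worth confirming that it is sanitised before this point. A short comment on what the `'3'` passed to `SP_getPerms` stands for (presumably the edit access level) would help the next reader.
```php
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '$page'") == 1) {
    // Deny by default; only an editor with access to this page may view a template.
    $canViewTemplate = false;
    if (SEC_hasRights('staticpages.edit')) {
        // … unchanged: build $perms from SP_getPerms('', '3') …
        $canViewTemplate = (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '$page'" . $perms) != '');
    }
    if (!$canViewTemplate) {
        COM_handle404();
        exit;
    }
}
```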