[geeklog-hg] geeklog: Fix for changeset 41fd95df6f9e

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Sun Sep 29 10:37:04 EDT 2013


changeset 9316:23d35a6e0bcd
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/23d35a6e0bcd
user: Tom <websitemaster at cogeco.net>
date: Sun Sep 29 10:34:14 2013 -0400
description:
Fix for changeset 41fd95df6f9e

diffstat:

 public_html/staticpages/index.php |  20 ++++++++++++++++----
 1 files changed, 16 insertions(+), 4 deletions(-)

diffs (31 lines):

diff -r ee410d72cb59 -r 23d35a6e0bcd public_html/staticpages/index.php
--- a/public_html/staticpages/index.php	Sat Sep 28 20:34:29 2013 -0400
+++ b/public_html/staticpages/index.php	Sun Sep 29 10:34:14 2013 -0400
@@ -90,11 +90,23 @@
     }
 }
 
-    
-// Cannot view template staticpages directly. If template staticpage bail here if user doesn't have edit rights
+// Handle just template staticpage security here, rest done in services.     
+// Cannot view template staticpages directly. If template staticpage bail here 
+// if user doesn't have edit rights. 
 if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '$page'") == 1) {
-    COM_handle404();
-    exit;
+    if (SEC_hasRights('staticpages.edit')) {
+        $perms = SP_getPerms('', '3');
+        if (!empty($perms)) {
+            $perms = ' AND ' . $perms;
+        }
+        if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '$page'" . $perms) == '') {
+            COM_handle404();
+            exit;
+        }
+    } else {
+        COM_handle404();
+        exit;
+    }        
 }
 
 $retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query);
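Review bot: The added `DB_getItem` lookup builds its WHERE clause by interpolating `$page` (`"sp_id = '$page'" . $perms`), as the existing template_flag lookup above it does, and nothing in this hunk shows `$page` being filtered or escaped. Confirm that this happens earlier in index.php, before the value reaches either query. When `SP_getPerms('', '3')` returns an empty string, no per-page restriction is appended and the lookup matches any existing page, so a short comment saying for which users that is expected would help, e.g. `// '3' = edit access; empty $perms means no per-page restriction (confirm in SP_getPerms)`. The two identical `COM_handle404(); exit;` branches could also be folded into a single deny path so the check visibly fails closed.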


