| Date | Directory [filter] | File(s) [view] | Author [filter] |
| 29 Jul 2002 14:06:34 | postnuke_official/html/modules/categories | pnadminapi.php,1.8,1.9 | Mike |
| put security check inside loop | |||
Update of /home/cvsroot/postnuke_official/html/modules/categories
In directory ns7.hostnuke.net:/tmp/cvs-serv9103
Modified Files:
pnadminapi.php
Log Message:
put security check inside loop
Index: pnadminapi.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/categories/pnadminapi.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** pnadminapi.php 29 Jul 2002 09:08:04 -0000 1.8
--- pnadminapi.php 29 Jul 2002 14:06:32 -0000 1.9
***************
*** 724,737 ****
return false;
}
- }
-
- // Can't check that the items exist, we'll have to trust the caller
- // Should there be an Items (or objects) Management Module in PostNuke?
! // Security check
! // TODO - look at security parameters, they are probably wrong
! if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) {
! pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
! return false;
}
--- 724,737 ----
return false;
}
! // Can't check that the items exist, we'll have to trust the caller
! // Should there be an Items (or objects) Management Module in PostNuke?
!
! // Security check
! // TODO - look at security parameters, they are probably wrong
! if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) {
! pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
! return false;
! }
}
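Review bot: With the ACCESS_EDIT check dropped from the `$clean_first` branch (second hunk, old lines 745-755), the DELETE of existing linkage is now gated only by the ACCESS_ADD check that this hunk moves into the loop. That check covers the category IDs being linked, not the categories whose links the DELETE removes, so a caller holding only add rights can presumably clear an item's existing links. Consider requiring the higher level when cleaning, e.g. `if (!pnSecAuthAction(0, "categories::category", "ID::$cid", $clean_first ? ACCESS_EDIT : ACCESS_ADD)) {`, assuming `$clean_first` is already set before the loop, which is not visible here. The carried-over `// TODO - look at security parameters, they are probably wrong` should be resolved, or replaced with a comment stating which component/instance pair and access level are intended. The loop and the enclosing function both start outside the hunk.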
***************
*** 745,755 ****
if ($clean_first)
{
- // Security check
- // TODO - look at security parameters, they are probably wrong
- if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_EDIT)) {
- pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
- return false;
- }
-
$sql = "DELETE FROM $categorieslinkagetable
WHERE $categorieslinkagecolumn[modid] = $args[modid] AND
--- 745,748 ----