Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites.
Date | Directory [filter] | File(s) [view] | Author [filter] |
29 Jul 2002 14:06:34 | postnuke_official/html/modules/categories | pnadminapi.php,1.8,1.9 | Mike |
put security check inside loop |
Update of /home/cvsroot/postnuke_official/html/modules/categories In directory ns7.hostnuke.net:/tmp/cvs-serv9103 Modified Files: pnadminapi.php Log Message: put security check inside loop Index: pnadminapi.php =================================================================== RCS file: /home/cvsroot/postnuke_official/html/modules/categories/pnadminapi.php,v retrieving revision 1.8 retrieving revision 1.9 diff -C2 -d -r1.8 -r1.9 *** pnadminapi.php 29 Jul 2002 09:08:04 -0000 1.8 --- pnadminapi.php 29 Jul 2002 14:06:32 -0000 1.9 *************** *** 724,737 **** return false; } - } - - // Can't check that the items exist, we'll have to trust the caller - // Should there be an Items (or objects) Management Module in PostNuke? ! // Security check ! // TODO - look at security parameters, they are probably wrong ! if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) { ! pnSessionSetVar('errormsg', _CATEGORIESNOAUTH); ! return false; } --- 724,737 ---- return false; } ! // Can't check that the items exist, we'll have to trust the caller ! // Should there be an Items (or objects) Management Module in PostNuke? ! ! // Security check ! // TODO - look at security parameters, they are probably wrong ! if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) { ! pnSessionSetVar('errormsg', _CATEGORIESNOAUTH); ! return false; ! } } *************** *** 745,755 **** if ($clean_first) { - // Security check - // TODO - look at security parameters, they are probably wrong - if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_EDIT)) { - pnSessionSetVar('errormsg', _CATEGORIESNOAUTH); - return false; - } - $sql = "DELETE FROM $categorieslinkagetable WHERE $categorieslinkagecolumn[modid] = $args[modid] AND --- 745,748 ----
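Review bot: In the first hunk (new lines 724-737), the relocated check still carries `// TODO - look at security parameters, they are probably wrong`, so the strings passed to pnSecAuthAction ("categories::category", "ID::$cid") and the ACCESS_ADD level are now evaluated once per category but are still unverified. Resolve the TODO against the module's permission schema as part of this change rather than carrying it forward. Because the check now returns false from inside the loop, also confirm that nothing earlier in the loop body has a side effect, so a denied category cannot leave the ones before it partially processed.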
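Review bot: In the second hunk (old lines 745-755), removing the ACCESS_EDIT check from the `if ($clean_first)` branch leaves the `DELETE FROM $categorieslinkagetable` guarded only by the per-category ACCESS_ADD check from the first hunk, so a caller who may add linkages but not edit them can now clear existing ones. The removed check did read `$cid` after the loop had finished, which is a fair reason to drop it as written, but the delete is a different operation from the add and should keep an edit-level (or delete-level) check, either inside the loop alongside ACCESS_ADD when $clean_first is set or against the item being cleaned. Separately, the context line interpolates `$args[modid]` directly into the statement, and nothing in the visible lines shows it being cast or escaped; confirm that happens earlier in the function.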