Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites

View Statistics - Next Notice - Previous Notice

Directory filter : [ all ] / postnuke_official / html / modules / categories [ view in CVS ]

Date Directory [filter] File(s) [view] Author [filter]
29 Jul 2002 14:06:34postnuke_official/html/modules/categoriespnadminapi.php,1.8,1.9Mike
 put security check inside loop

Update of /home/cvsroot/postnuke_official/html/modules/categories
In directory ns7.hostnuke.net:/tmp/cvs-serv9103

Modified Files:
	pnadminapi.php 
Log Message:
put security check inside loop


Index: pnadminapi.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/categories/pnadminapi.php,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** pnadminapi.php	29 Jul 2002 09:08:04 -0000	1.8
--- pnadminapi.php	29 Jul 2002 14:06:32 -0000	1.9
***************
*** 724,737 ****
             return false;
         }
-     }
- 
-     // Can't check that the items exist, we'll have to trust the caller
-     // Should there be an Items (or objects) Management Module in PostNuke?
  
!     // Security check
!     // TODO - look at security parameters, they are probably wrong
!     if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) {
!         pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
!         return false;
      }
  
--- 724,737 ----
             return false;
         }
  
!         // Can't check that the items exist, we'll have to trust the caller
!         // Should there be an Items (or objects) Management Module in PostNuke?
!     
!         // Security check
!         // TODO - look at security parameters, they are probably wrong
!         if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_ADD)) {
!             pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
!             return false;
!         }
      }
  
***************
*** 745,755 ****
      if ($clean_first)
      {
-        // Security check
-        // TODO - look at security parameters, they are probably wrong
-        if (!pnSecAuthAction(0, "categories::category", "ID::$cid", ACCESS_EDIT)) {
-            pnSessionSetVar('errormsg', _CATEGORIESNOAUTH);
-            return false;
-        }
- 
         $sql = "DELETE FROM $categorieslinkagetable
                       WHERE $categorieslinkagecolumn[modid] = $args[modid] AND
--- 745,748 ----


Directory filter : [ all ] / postnuke_official / html / modules / categories [ view in CVS ]

View Statistics - Next Notice - Previous Notice


Visit Developer Site - Browse CVS Repository Syndicate via backend.rss
(max. once per hour please)
Powered by CVSNotice 0.1.3