Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites


Date: 27 Jul 2002 21:44:18
Directory: postnuke_official/html/modules/web_links
File(s): wl-viewlink.php,1.19.2.1,1.19.2.2 wl-navigation.php,1.11,1.11.2.1
Author: Andrey Lebedev
Added security check to hide some web links categories from user who has no READ permission to this cat

Update of /home/cvsroot/postnuke_official/html/modules/web_links
In directory ns7.hostnuke.net:/tmp/cvs-serv25158

Modified Files:
      Tag: PostNuke_71
	wl-viewlink.php wl-navigation.php 
Log Message:
Added security check to hide some web links categories from user who has no READ permission to this cat


Index: wl-viewlink.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-viewlink.php,v
retrieving revision 1.19.2.1
retrieving revision 1.19.2.2
diff -C2 -d -r1.19.2.1 -r1.19.2.2
*** wl-viewlink.php	25 Mar 2002 09:34:34 -0000	1.19.2.1
--- wl-viewlink.php	27 Jul 2002 21:44:15 -0000	1.19.2.2
***************
*** 55,58 ****
--- 55,59 ----
      list($dbconn) = pnDBGetConn();
      $pntable = pnDBGetTables();
+     $column = &$pntable['links_categories_column'];
          
      $perpage = pnConfigGetVar('perpage');
***************
*** 60,65 ****
      $locale = pnConfigGetVar('locale');
      
! 
! 
      if (!isset($min)) $min=0;
      if (!isset($max)) $max=$min+$perpage;
--- 61,75 ----
      $locale = pnConfigGetVar('locale');
      
!     // check if this or parent category is accessible to user
!     $result=$dbconn->Execute("select $column[parent_id], $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$cid");
!     list($parent_id, $title) = $result->fields;
!     $result_par=$dbconn->Execute("select $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$parent_id");
! 	list($parent_title) = $result_par->fields;
!     if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cid" , ACCESS_READ) or !pnSecAuthAction(0, 'Web Links::Category', "$parent_title::$parent_id" , ACCESS_READ)) {
!         echo "Not authorized";
!         include 'footer.php';
!         return;
!     }
! 	
      if (!isset($min)) $min=0;
      if (!isset($max)) $max=$min+$perpage;
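Review bot: The two new queries in the access check (new lines 64 and 66) interpolate $cid and $parent_id straight into the WHERE clause, and nothing in this hunk casts or validates either value; cast both to integers, or quote them through the database layer, before building the SQL. The results are also used unchecked: if the first Execute fails or returns no row for $cid, $parent_id is empty, the second statement ends in "$column[cat_id]=" with no value, and ->fields is read from a result that may not be an object, so take the "Not authorized" path (or a not-found path) as soon as no row comes back. Two smaller points: when the parent lookup returns nothing, pnSecAuthAction is still asked about an instance with an empty title ("::$parent_id"), and the check walks only one level up, so a category nested deeper under a restricted ancestor still passes. The added lines also mix tabs and spaces.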
***************
*** 77,81 ****
      
      OpenTable();
!     $column = &$pntable['links_categories_column'];
      $result=$dbconn->Execute("SELECT $column[title] , $column[cdescription] 
                          FROM $pntable[links_categories] 
--- 87,91 ----
      
      OpenTable();
! //    $column = &$pntable['links_categories_column'];
      $result=$dbconn->Execute("SELECT $column[title] , $column[cdescription] 
                          FROM $pntable[links_categories] 
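Review bot: At new line 89 the old assignment is left behind as a commented-out line ("//    $column = &$pntable['links_categories_column'];"); delete it rather than commenting it out. The same assignment now sits at new line 57 in the first hunk, so the dead line carries no information and only invites someone to re-enable a duplicate.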
***************
*** 330,332 ****
      include("footer.php");
  }
! ?>
\ No newline at end of file
--- 340,342 ----
      include("footer.php");
  }
! ?>

Index: wl-navigation.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-navigation.php,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -C2 -d -r1.11 -r1.11.2.1
*** wl-navigation.php	26 Feb 2002 01:32:46 -0000	1.11
--- wl-navigation.php	27 Jul 2002 21:44:15 -0000	1.11.2.1
***************
*** 56,59 ****
--- 56,63 ----
      {
          $result->MoveNext();
+ 		/* Hide this web link if have no access to it */
+         if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cat_id", ACCESS_READ)) {
+ 			continue;
+ 		}
          $cnumrows = CountSubLinks($cat_id);
  
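Review bot: The pnSecAuthAction test added at new line 59 checks only the category's own instance ("$title::$cat_id"), while the wl-viewlink.php change in this same commit also checks the parent category; a subcategory under a restricted parent would still be listed here and then be refused when opened. Apply the same parent check in both files, ideally through one shared helper. The assignment of $title and $cat_id is outside this hunk, so please confirm they are read from the current row before $result->MoveNext() runs, and reindent the added lines with spaces to match the surrounding code.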
***************
*** 148,150 ****
  }
  
! ?>
\ No newline at end of file
--- 152,154 ----
  }
  
! ?>

