Date | Directory [filter] | File(s) [view] | Author [filter] |
27 Jul 2002 21:44:18 | postnuke_official/html/modules/web_links | wl-viewlink.php,1.19.2.1,1.19.2.2 wl-navigation.php,1.11,1.11.2.1 | Andrey Lebedev |
Added security check to hide some web links categories from user who has no READ permission to this cat |
Update of /home/cvsroot/postnuke_official/html/modules/web_links In directory ns7.hostnuke.net:/tmp/cvs-serv25158 Modified Files: Tag: PostNuke_71 wl-viewlink.php wl-navigation.php Log Message: Added security check to hide some web links categories from user who has no READ permission to this cat Index: wl-viewlink.php =================================================================== RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-viewlink.php,v retrieving revision 1.19.2.1 retrieving revision 1.19.2.2 diff -C2 -d -r1.19.2.1 -r1.19.2.2 *** wl-viewlink.php 25 Mar 2002 09:34:34 -0000 1.19.2.1 --- wl-viewlink.php 27 Jul 2002 21:44:15 -0000 1.19.2.2 *************** *** 55,58 **** --- 55,59 ---- list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); + $column = &$pntable['links_categories_column']; $perpage = pnConfigGetVar('perpage'); *************** *** 60,65 **** $locale = pnConfigGetVar('locale'); ! ! if (!isset($min)) $min=0; if (!isset($max)) $max=$min+$perpage; --- 61,75 ---- $locale = pnConfigGetVar('locale'); ! // check if this or parent category is accessible to user ! $result=$dbconn->Execute("select $column[parent_id], $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$cid"); ! list($parent_id, $title) = $result->fields; ! $result_par=$dbconn->Execute("select $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$parent_id"); ! list($parent_title) = $result_par->fields; ! if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cid" , ACCESS_READ) or !pnSecAuthAction(0, 'Web Links::Category', "$parent_title::$parent_id" , ACCESS_READ)) { ! echo "Not authorized"; ! include 'footer.php'; ! return; ! } ! if (!isset($min)) $min=0; if (!isset($max)) $max=$min+$perpage; *************** *** 77,81 **** OpenTable(); ! $column = &$pntable['links_categories_column']; $result=$dbconn->Execute("SELECT $column[title] , $column[cdescription] FROM $pntable[links_categories] --- 87,91 ---- OpenTable(); ! 
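Review bot: In wl-viewlink.php the added lookup puts `$cid` into the SQL text unquoted (`WHERE $column[cat_id]=$cid`) and runs before the permission test, so unless `$cid` is coerced to an integer earlier in the function (not visible in this hunk) the query is injectable by any visitor. The result is also used without checking for a missing row, which leaves `$parent_id` empty and makes the second query end in `=`; and only the direct parent is tested, so a category under a hidden grandparent would presumably still be shown. The sketch below casts the id, stops on a missing row and walks `parent_id` upward, assuming top-level categories store 0 there. The enclosing function begins and ends outside the hunk.

```php
// … unchanged: $locale = pnConfigGetVar('locale'); …
// check that this category and every ancestor is readable by the user
$cid = (int)$cid;            // never let request text reach the SQL string
$check_id = $cid;
$seen = array();             // guards against a parent_id cycle in the table
while ($check_id > 0 && !isset($seen[$check_id])) { // assumes top-level parent_id is 0 — confirm
    $seen[$check_id] = true;
    $result = $dbconn->Execute("select $column[parent_id], $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$check_id");
    if (!$result || $result->EOF) {
        break;               // no such category: nothing further to authorise
    }
    list($parent_id, $title) = $result->fields;
    if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$check_id", ACCESS_READ)) {
        echo "Not authorized";
        include 'footer.php';
        return;
    }
    $check_id = (int)$parent_id;
}
// … unchanged: $min / $max defaults …
```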
// $column = &$pntable['links_categories_column']; $result=$dbconn->Execute("SELECT $column[title] , $column[cdescription] FROM $pntable[links_categories] *************** *** 330,332 **** include("footer.php"); } ! ?> \ No newline at end of file --- 340,342 ---- include("footer.php"); } ! ?> Index: wl-navigation.php =================================================================== RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-navigation.php,v retrieving revision 1.11 retrieving revision 1.11.2.1 diff -C2 -d -r1.11 -r1.11.2.1 *** wl-navigation.php 26 Feb 2002 01:32:46 -0000 1.11 --- wl-navigation.php 27 Jul 2002 21:44:15 -0000 1.11.2.1 *************** *** 56,59 **** --- 56,63 ---- { $result->MoveNext(); + /* Hide this web link if have no access to it */ + if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cat_id", ACCESS_READ)) { + continue; + } $cnumrows = CountSubLinks($cat_id); *************** *** 148,150 **** } ! ?> \ No newline at end of file --- 152,154 ---- } ! ?>
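Review bot: The comment added in wl-navigation.php says "web link", but the test is on a category instance (`'Web Links::Category'`, `"$title::$cat_id"`); `/* Skip categories the current user has no READ access to */` would describe what the code does. Unlike the check added to wl-viewlink.php, this one does not look at the parent category. Whether `CountSubLinks($cat_id)` or other listings still count links from hidden subcategories cannot be seen from here, so displayed totals may continue to reveal them. The loop begins and ends outside the hunk.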