Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites
View Statistics - Next Notice - Previous NoticeDirectory filter : [ all ] / postnuke_official / html / modules / web_links [ view in CVS ]
| Date | Directory [filter] | File(s) [view] | Author [filter] |
| 27 Jul 2002 21:44:18 | postnuke_official/html/modules/web_links | wl-viewlink.php,1.19.2.1,1.19.2.2 wl-navigation.php,1.11,1.11.2.1 | Andrey Lebedev |
| Added security check to hide some web links categories from user who has no READ permission to this cat | |||
Update of /home/cvsroot/postnuke_official/html/modules/web_links
In directory ns7.hostnuke.net:/tmp/cvs-serv25158
Modified Files:
Tag: PostNuke_71
wl-viewlink.php wl-navigation.php
Log Message:
Added security check to hide some web links categories from user who has no READ permission to this cat
Index: wl-viewlink.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-viewlink.php,v
retrieving revision 1.19.2.1
retrieving revision 1.19.2.2
diff -C2 -d -r1.19.2.1 -r1.19.2.2
*** wl-viewlink.php 25 Mar 2002 09:34:34 -0000 1.19.2.1
--- wl-viewlink.php 27 Jul 2002 21:44:15 -0000 1.19.2.2
***************
*** 55,58 ****
--- 55,59 ----
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
+ $column = &$pntable['links_categories_column'];
$perpage = pnConfigGetVar('perpage');
***************
*** 60,65 ****
$locale = pnConfigGetVar('locale');
!
!
if (!isset($min)) $min=0;
if (!isset($max)) $max=$min+$perpage;
--- 61,75 ----
$locale = pnConfigGetVar('locale');
! // check if this or parent category is accessible to user
! $result=$dbconn->Execute("select $column[parent_id], $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$cid");
! list($parent_id, $title) = $result->fields;
! $result_par=$dbconn->Execute("select $column[title] from $pntable[links_categories] WHERE $column[cat_id]=$parent_id");
! list($parent_title) = $result_par->fields;
! if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cid" , ACCESS_READ) or !pnSecAuthAction(0, 'Web Links::Category', "$parent_title::$parent_id" , ACCESS_READ)) {
! echo "Not authorized";
! include 'footer.php';
! return;
! }
!
if (!isset($min)) $min=0;
if (!isset($max)) $max=$min+$perpage;
***************
*** 77,81 ****
OpenTable();
! $column = &$pntable['links_categories_column'];
$result=$dbconn->Execute("SELECT $column[title] , $column[cdescription]
FROM $pntable[links_categories]
--- 87,91 ----
OpenTable();
! // $column = &$pntable['links_categories_column'];
$result=$dbconn->Execute("SELECT $column[title] , $column[cdescription]
FROM $pntable[links_categories]
***************
*** 330,332 ****
include("footer.php");
}
! ?>
\ No newline at end of file
--- 340,342 ----
include("footer.php");
}
! ?>
Index: wl-navigation.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/modules/web_links/Attic/wl-navigation.php,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -C2 -d -r1.11 -r1.11.2.1
*** wl-navigation.php 26 Feb 2002 01:32:46 -0000 1.11
--- wl-navigation.php 27 Jul 2002 21:44:15 -0000 1.11.2.1
***************
*** 56,59 ****
--- 56,63 ----
{
$result->MoveNext();
+ /* Hide this web link if have no access to it */
+ if (!pnSecAuthAction(0, 'Web Links::Category', "$title::$cat_id", ACCESS_READ)) {
+ continue;
+ }
$cnumrows = CountSubLinks($cat_id);
***************
*** 148,150 ****
}
! ?>
\ No newline at end of file
--- 152,154 ----
}
! ?>
View Statistics - Next Notice - Previous Notice
| Visit Developer Site - Browse CVS Repository |
Syndicate via backend.rss (max. once per hour please) | Powered by CVSNotice 0.1.3 |