logo       
<prev    next>

[geeklog-cvs] geeklog: Check story permissions when emailing a story: msg#00048

geeklog-cvs

Subject: [geeklog-cvs] geeklog: Check story permissions when emailing a story

details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/c9f2a827ba80
changeset: 7209:c9f2a827ba80
user: Dirk Haun <dirk@xxxxxxxxxxxxxx>
date: Wed Jul 29 13:30:25 2009 +0200
description:
Check story permissions when emailing a story

diffstat:

public_html/profiles.php | 18 ++++++++++++++----
1 files changed, 14 insertions(+), 4 deletions(-)

diffs (42 lines):

diff -r dcbfd5270aa9 -r c9f2a827ba80 public_html/profiles.php
--- a/public_html/profiles.php Wed Jul 29 13:36:24 2009 +0200
+++ b/public_html/profiles.php Wed Jul 29 13:30:25 2009 +0200
@@ -314,9 +314,13 @@
return $retval;
}

- $sql = "SELECT
uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode
FROM {$_TABLES['stories']} WHERE sid = '$sid'";
- $result = DB_query ($sql);
- $A = DB_fetchArray ($result);
+ $sql = "SELECT
uid,title,introtext,bodytext,commentcode,UNIX_TIMESTAMP(date) AS day,postmode
FROM {$_TABLES['stories']} WHERE sid = '$sid'" . COM_getTopicSql('AND') .
COM_getPermSql('AND');
+ $result = DB_query($sql);
+ if (DB_numRows($result) == 0) {
+ return COM_refresh($_CONF['site_url'] . '/index.php');
+ }
+ $A = DB_fetchArray($result);
+
$shortmsg = COM_stripslashes ($shortmsg);
$mailtext = sprintf ($LANG08[23], $from, $fromemail) . LB;
if (strlen ($shortmsg) > 0) {
@@ -339,7 +343,7 @@
$author = COM_getDisplayName ($A['uid']);
$mailtext .= $LANG01[1] . ' ' . $author . LB;
}
- if($A['postmode']==='wikitext'){
+ if ($A['postmode'] === 'wikitext') {
$mailtext .= LB
.
COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['introtext'])))).LB.LB
.
COM_undoSpecialChars(stripslashes(strip_tags(COM_renderWikiText($A['bodytext'])))).LB.LB
@@ -413,6 +417,12 @@
return $retval;
}

+ $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']}
WHERE sid = '$sid'" . COM_getTopicSql('AND') . COM_getPermSql('AND'));
+ $A = DB_fetchArray($result);
+ if ($A['count'] == 0) {
+ return COM_refresh($_CONF['site_url'] . '/index.php');
+ }
+
if ($msg > 0) {
$retval .= COM_showMessage ($msg);
}
_______________________________________________
geeklog-cvs mailing list
geeklog-cvs@xxxxxxxxxxxxxxxxx
http://eight.pairlist.net/mailman/listinfo/geeklog-cvs

<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [geeklog-cvs] tools: Update for Geeklog 1.5.2sr5 / 1.6.0sr1, geeklog-cvs
Next by Date:  [geeklog-cvs] geeklog: Fixed XSS (reported by Gerendi Sandor Attila), geeklog-cvs
Previous by Thread:  [geeklog-cvs] geeklog: Check story permissions when emailing a story, geeklog-cvs
Next by Thread:  [geeklog-cvs] geeklog: Fixed XSS (reported by Gerendi Sandor Attila), geeklog-cvs
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | Mail Home | sitemap | FAQ | advertise