4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
December 14, 2018, 04:34:35 AM

Login with username, password and session length
Search:     Advanced search
Follow 4images on twitter: Click here to follow!
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  Bug Fixes & Patches
| | |-+  [1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: [1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions  (Read 15167 times)
V@no
If you don't tell me what to do, I won't tell you where you should go :)
Administrator
4images Guru
*****
Offline Offline

Posts: 17849

Thank You
-Given: 47
-Receive: 578

mmm PHP...


View Profile WWW
« on: March 14, 2005, 05:10:37 AM »

Because of this bug people are able see images through postcard creation page, which they dont have permissions to view.

Open postcards.php
Find:
1
  if (!check_permission("auth_sendpostcard", $cat_id)) {

Replace with:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/*
  FIX ACCESS RESTRICTED IMAGES
  ORIGINAL BLOCK:
  if (!check_permission("auth_sendpostcard", $cat_id)) {
*/ 
/*
  FIX ACCESS RESTRICTED IMAGES
  START REPLACE
*/
  if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) {
/*
  FIX ACCESS RESTRICTED IMAGES
  END REPLACE
*/
« Last Edit: March 15, 2005, 07:43:07 AM by V@no » Logged

Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.231 seconds with 19 queries.
Post your comments here