[1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions

Welcome, Guest. Please login or register.
Did you miss your activation email?
July 30, 2010, 04:37:54 AM

[2009-05-13] 4images 1.7.7 released
[2009-06-15] 1.7-1.7.7 Security fix in includes/functions.php
[2007-08-11] 4images Mobile Server

4images Forum & Community

4images Help / Hilfe

Bug Fixes & Patches

[1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions

0 Members and 1 Guest are viewing this topic.

« previous next »

Pages: [1]

Author

Topic: [1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions (Read 10373 times)

V@no

If you don't tell me what to do, I won't tell you where you should go :)
Administrator

4images Guru

Offline

Posts: 17088

Thank You
-Given: 21
-Receive: 191

mmm PHP...

[1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions

« on: March 14, 2005, 05:10:37 AM »

Because of this bug people are able see images through postcard creation page, which they dont have permissions to view.

Open postcards.php
Find:

Code: [Select] [Expand] [Hide line numbers]

1	`if (!check_permission("auth_sendpostcard", $cat_id)) {`

Replace with:

Code: [Select] [Expand] [Hide line numbers]

1
2
3
4
5
6
7
8
9
10
11
12
13
14 /* FIX ACCESS RESTRICTED IMAGES ORIGINAL BLOCK: if (!check_permission("auth_sendpostcard", $cat_id)) { */ /* FIX ACCESS RESTRICTED IMAGES START REPLACE */ if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) { /* FIX ACCESS RESTRICTED IMAGES END REPLACE */



« Last Edit: March 15, 2005, 07:43:07 AM by V@no »	Logged

Your first three "must do" before you ask a question:

Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)

Pages: [1]

« previous next »

Jump to:

piqs.de - Fotocommunity & lizenzfreie Fotos