Author Topic: [1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions  (Read 18574 times)

0 Members and 1 Guest are viewing this topic.

Offline V@no

  • If you don't tell me what to do, I won't tell you where you should go :)
  • Global Moderator
  • 4images Guru
  • *****
  • Posts: 17.849
  • mmm PHP...
    • View Profile
    • 4images MODs Demo
Because of this bug people are able see images through postcard creation page, which they dont have permissions to view.

Open postcards.php
Find:
Code: [Select]
  if (!check_permission("auth_sendpostcard", $cat_id)) {
Replace with:
Code: [Select]
/*
  FIX ACCESS RESTRICTED IMAGES
  ORIGINAL BLOCK:
  if (!check_permission("auth_sendpostcard", $cat_id)) {
*/ 
/*
  FIX ACCESS RESTRICTED IMAGES
  START REPLACE
*/
  if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) {
/*
  FIX ACCESS RESTRICTED IMAGES
  END REPLACE
*/
« Last Edit: March 15, 2005, 07:43:07 AM by V@no »
Your first three "must do" before you ask a question:
Please do not PM me asking for help unless you've been specifically asked to do so. Such PMs will be deleted without answer. (forum rule #6)
Extension for Firefox/Thunderbird: Master Password+    Back/Forward History Tweaks (restartless)    Cookies Manager+    Fit Images (restartless for Thunderbird)