4images Forum & Community

4images Help / Hilfe => Bug Fixes & Patches => Topic started by: V@no on March 14, 2005, 05:10:37 AM

Title: [1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions
Post by: V@no on March 14, 2005, 05:10:37 AM: Because of this bug people are able see images through postcard creation page, which they dont have permissions to view.

Open postcards.php
Find:
Code: [Select]
if (!check_permission("auth_sendpostcard", $cat_id)) {
Replace with:
Code: [Select]
/* FIX ACCESS RESTRICTED IMAGES ORIGINAL BLOCK: if (!check_permission("auth_sendpostcard", $cat_id)) { */ /* FIX ACCESS RESTRICTED IMAGES START REPLACE */ if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) { /* FIX ACCESS RESTRICTED IMAGES END REPLACE */

SMF 2.0.19 | SMF © 2021, Simple Machines