4images Help / Hilfe > Bug Fixes & Patches
[1.7 / 1.7.1] Sending a postcard does not check image/cat view permissions
(1/1)
V@no:
Because of this bug people are able see images through postcard creation page, which they dont have permissions to view.
Open postcards.php
Find:
--- Code: --- if (!check_permission("auth_sendpostcard", $cat_id)) {
--- End code ---
Replace with:
--- Code: ---/*
FIX ACCESS RESTRICTED IMAGES
ORIGINAL BLOCK:
if (!check_permission("auth_sendpostcard", $cat_id)) {
*/
/*
FIX ACCESS RESTRICTED IMAGES
START REPLACE
*/
if (!check_permission("auth_viewcat", $cat_id) || !check_permission("auth_viewimage", $cat_id) || !check_permission("auth_sendpostcard", $cat_id)) {
/*
FIX ACCESS RESTRICTED IMAGES
END REPLACE
*/
--- End code ---
Navigation
[0] Message Index
Go to full version