appdb/. appview.php
WineHQ
wineowner at wine.codeweavers.com
Thu Jan 12 21:05:06 CST 2006
ChangeSet ID: 22258
CVSROOT: /opt/cvs-commit
Module name: appdb
Changes by: wineowner at winehq.org 2006/01/12 21:05:06
Modified files:
. : appview.php
Log message:
Chris Morgan <cmorgan at alum.wpi.edu>
Check that users can view applications and versions before displaying them. Present an error message if they lack permission. Fixes a bug where we were allowing users to view applications and versions that were rejected.
Patch: http://cvs.winehq.org/patch.py?id=22258
Old revision New revision Changes Path
1.76 1.77 +15 -0 appdb/appview.php
Index: appdb/appview.php
diff -u -p appdb/appview.php:1.76 appdb/appview.php:1.77
--- appdb/appview.php:1.76 13 Jan 2006 3: 5: 6 -0000
+++ appdb/appview.php 13 Jan 2006 3: 5: 6 -0000
@@ -191,6 +191,13 @@ if($_REQUEST['appId'])
{
$oApp = new Application($_REQUEST['appId']);
+ /* is this user supposed to view this version? */
+ if(!$_SESSION['current']->canViewApplication($oApp))
+ {
+ errorpage("Something went wrong with the application or version id");
+ exit;
+ }
+
// show Vote Menu
if($_SESSION['current']->isLoggedIn())
apidb_sidebar_add("vote_menu");
@@ -329,6 +336,14 @@ if($_REQUEST['appId'])
else if($_REQUEST['versionId'])
{
$oVersion = new Version($_REQUEST['versionId']);
+
+ /* is this user supposed to view this version? */
+ if(!$_SESSION['current']->canViewVersion($oVersion))
+ {
+ errorpage("Something went wrong with the application or version id");
+ exit;
+ }
+
$oApp = new Application($oVersion->iAppId);
if(!$oApp->iAppId)
{
More information about the wine-cvs
mailing list