From: <dts...@us...> - 2003-06-05 14:13:14
|
Update of /cvsroot/phpwebsite-comm/modules/phpwsbb/class In directory sc8-pr-cvs1:/tmp/cvs-serv31394/class Modified Files: Message.php Log Message: Fixed bug that would let anonymous users edit/delete any anonymous post Index: Message.php =================================================================== RCS file: /cvsroot/phpwebsite-comm/modules/phpwsbb/class/Message.php,v retrieving revision 1.18 retrieving revision 1.19 diff -C2 -d -r1.18 -r1.19 *** Message.php 4 Jun 2003 21:53:38 -0000 1.18 --- Message.php 5 Jun 2003 14:03:24 -0000 1.19 *************** *** 79,86 **** $tags["POSTED"] = $_SESSION["translate"]->it("Posted by [var1] on [var2]", $poster, $this->getCreated()); ! if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "edit_messages") || ($_SESSION["OBJ_user"]->username == $this->getOwner())) $tags["EDIT"] = "<a href=\"./index.php?module=phpwsbb&PHPWSBB_MAN_OP=edit&PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Edit") . "</a>"; ! if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "delete_messages") || ($_SESSION["OBJ_user"]->username == $this->getOwner())) $tags["DELETE"] = "<a href=\"./index.php?module=phpwsbb&PHPWSBB_MAN_OP=deletemessage&PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Delete") . "</a>"; --- 79,87 ---- $tags["POSTED"] = $_SESSION["translate"]->it("Posted by [var1] on [var2]", $poster, $this->getCreated()); ! ! if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "edit_messages") || ($this->getOwner() && ($_SESSION["OBJ_user"]->username == $this->getOwner()))) $tags["EDIT"] = "<a href=\"./index.php?module=phpwsbb&PHPWSBB_MAN_OP=edit&PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Edit") . "</a>"; ! if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "delete_messages") || ($this->getOwner() && ($_SESSION["OBJ_user"]->username == $this->getOwner()))) $tags["DELETE"] = "<a href=\"./index.php?module=phpwsbb&PHPWSBB_MAN_OP=deletemessage&PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Delete") . "</a>"; |