phpwebsite-comm-cvs-commits

[<dts...@us...>]

Update of /cvsroot/phpwebsite-comm/modules/phpwsbb/class
In directory sc8-pr-cvs1:/tmp/cvs-serv31394/class

Modified Files:
	Message.php 
Log Message:
Fixed bug that would let anonymous users edit/delete any anonymous post


Index: Message.php
===================================================================
RCS file: /cvsroot/phpwebsite-comm/modules/phpwsbb/class/Message.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -C2 -d -r1.18 -r1.19
*** Message.php	4 Jun 2003 21:53:38 -0000	1.18
--- Message.php	5 Jun 2003 14:03:24 -0000	1.19
***************
*** 79,86 ****
  
          $tags["POSTED"]     = $_SESSION["translate"]->it("Posted by [var1] on [var2]", $poster, $this->getCreated());
!         if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "edit_messages") || ($_SESSION["OBJ_user"]->username == $this->getOwner()))
              $tags["EDIT"]      = "<a href=\"./index.php?module=phpwsbb&amp;PHPWSBB_MAN_OP=edit&amp;PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Edit") . "</a>";
  
!         if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "delete_messages") || ($_SESSION["OBJ_user"]->username == $this->getOwner()))
              $tags["DELETE"]      = "<a href=\"./index.php?module=phpwsbb&amp;PHPWSBB_MAN_OP=deletemessage&amp;PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Delete") . "</a>";
  
--- 79,87 ----
  
          $tags["POSTED"]     = $_SESSION["translate"]->it("Posted by [var1] on [var2]", $poster, $this->getCreated());
! 
!         if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "edit_messages") || ($this->getOwner() && ($_SESSION["OBJ_user"]->username == $this->getOwner())))
              $tags["EDIT"]      = "<a href=\"./index.php?module=phpwsbb&amp;PHPWSBB_MAN_OP=edit&amp;PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Edit") . "</a>";
  
!         if($_SESSION["OBJ_user"]->allow_access("phpwsbb", "delete_messages") || ($this->getOwner() && ($_SESSION["OBJ_user"]->username == $this->getOwner())))
              $tags["DELETE"]      = "<a href=\"./index.php?module=phpwsbb&amp;PHPWSBB_MAN_OP=deletemessage&amp;PHPWS_MAN_ITEMS[]=" . $this->getId() . "\">" . $_SESSION["translate"]->it("Delete") . "</a>";