From: Don S. <ri...@us...> - 2004-04-21 17:40:38
Update of /cvsroot/phpwsbb/phpwsbb/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4375/class
Modified Files:
Manager.php
Log Message:
BUG 938818 Fix security hole through search interface
Index: Manager.php
===================================================================
RCS file: /cvsroot/phpwsbb/phpwsbb/class/Manager.php,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** Manager.php 9 Apr 2004 01:01:43 -0000 1.34
--- Manager.php 21 Apr 2004 17:40:28 -0000 1.35
***************
*** 388,397 ****
$array = array();
! $sql = "SELECT tid, label FROM " . PHPWS_TBL_PREFIX . "mod_phpwsbb_messages $where";
! $result = $GLOBALS["core"]->query($sql);
!
! if($result) {
! while($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
! $array[$row["tid"]] = $row["label"];
}
}
--- 388,402 ----
$array = array();
! if(!$this->_allow_anon_view && !$_SESSION["OBJ_user"]->username) {
! $GLOBALS["CNT_phpwsbb"]["title"] = $_SESSION["translate"]->it("Anonymous Viewing Denied");
! $GLOBALS["CNT_phpwsbb"]["content"] = $_SESSION["translate"]->it("Anonymous viewing of this bulletin board has been disabled. You must log-in to view this bulletin board.");
! } else {
! $sql = "SELECT tid, label FROM " . PHPWS_TBL_PREFIX . "mod_phpwsbb_messages $where";
! $result = $GLOBALS["core"]->query($sql);
!
! if($result) {
! while($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
! $array[$row["tid"]] = $row["label"];
! }
}
}
|
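Review bot: The query in the new else branch still interpolates `$where` directly into the SQL string, and the commit only places it behind a login check, so the statement is exactly as trustworthy as whatever assembled `$where`. That clause is built outside this hunk, so whether its values are escaped cannot be confirmed from here; if they come from the search form, each value should be quoted by the database layer at the point where the clause is assembled. The denied branch only sets `$GLOBALS["CNT_phpwsbb"]` and then falls through to code after the hunk, so the caller should be checked to make sure it does not replace that message with an empty-results page. The guard also relies on the truthiness of `$_SESSION["OBJ_user"]->username`; a comment above it such as `// Search must honour the same anonymous-view setting as the listing pages` would record why the check lives in this method.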