Update of /cvsroot/phpwsbb/phpwsbb/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv4375/class
Modified Files:
Manager.php
Log Message:
BUG 938818 Fix security hole through search interface
Index: Manager.php
===================================================================
RCS file: /cvsroot/phpwsbb/phpwsbb/class/Manager.php,v
retrieving revision 1.34
retrieving revision 1.35
diff -C2 -d -r1.34 -r1.35
*** Manager.php 9 Apr 2004 01:01:43 -0000 1.34
--- Manager.php 21 Apr 2004 17:40:28 -0000 1.35
***************
*** 388,397 ****
$array = array();
! $sql = "SELECT tid, label FROM " . PHPWS_TBL_PREFIX . "mod_phpwsbb_messages $where";
! $result = $GLOBALS["core"]->query($sql);
!
! if($result) {
! while($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
! $array[$row["tid"]] = $row["label"];
}
}
--- 388,402 ----
$array = array();
! if(!$this->_allow_anon_view && !$_SESSION["OBJ_user"]->username) {
! $GLOBALS["CNT_phpwsbb"]["title"] = $_SESSION["translate"]->it("Anonymous Viewing Denied");
! $GLOBALS["CNT_phpwsbb"]["content"] = $_SESSION["translate"]->it("Anonymous viewing of this bulletin board has been disabled. You must log-in to view this bulletin board.");
! } else {
! $sql = "SELECT tid, label FROM " . PHPWS_TBL_PREFIX . "mod_phpwsbb_messages $where";
! $result = $GLOBALS["core"]->query($sql);
!
! if($result) {
! while($row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
! $array[$row["tid"]] = $row["label"];
! }
}
}
|
