Public Access / Add Events Off
Brought to you by:
cknudsen
In version 0.9.42 where the system settings are set for public
access on, public add events off a public user still can add an
event to the public calendar. This is done by entering
edit_entry.php in the url.
A solution is to add the code below to line 104 of connect.php
if( $public_access_can_add != "Y") { //Do not allow add
if ( strstr ( $PHP_SELF, "edit_entry.php" ) ||
strstr ( $PHP_SELF, "edit_entry_handler.php" ) ||
strstr ( $PHP_SELF, "import.php" ) ) {
$not_auth = true;
}
}
Logged In: YES
user_id=14386
The fix for this bug is already in CVS, and will be included in
the next release.