diff options
| author | Michael Hamann <michael@content-space.de> | 2011-08-21 01:01:59 +0200 |
|---|---|---|
| committer | Michael Hamann <michael@content-space.de> | 2011-08-21 13:53:56 +0200 |
| commit | 42025dfd31bb5f331c665ae7dbb016fac993d52d (patch) | |
| tree | c49d911397148b388b750726e36ffe1f544a7090 | |
| parent | 10799f9c522a9847ebf5f2f7c91d4af7f160e4b8 (diff) | |
| download | rpg-42025dfd31bb5f331c665ae7dbb016fac993d52d.tar.gz rpg-42025dfd31bb5f331c665ae7dbb016fac993d52d.tar.bz2 | |
Fix the permission and file existence check in the recent changes
Before it was possible that changes for media files the user can't
access were shown if the user could access a page with the same name.
This also reverts the file existence check so it now really checks for
media changes that the media file exists and for page changes the page
and that not one of the two suffice for both.
| -rw-r--r-- | inc/changelog.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/inc/changelog.php b/inc/changelog.php index 395e793c1..fea39f9f7 100644 --- a/inc/changelog.php +++ b/inc/changelog.php @@ -188,14 +188,14 @@ function getRecents($first,$num,$ns='',$flags=0){ // handle lines while ($lines_position >= 0 || (($flags & RECENTS_MEDIA_PAGES_MIXED) && $media_lines_position >=0)) { if (empty($rec) && $lines_position >= 0) { - $rec = _handleRecent(@$lines[$lines_position], $ns, $flags, $seen); + $rec = _handleRecent(@$lines[$lines_position], $ns, $flags & ~RECENTS_MEDIA_CHANGES, $seen); if (!$rec) { $lines_position --; continue; } } if (($flags & RECENTS_MEDIA_PAGES_MIXED) && empty($media_rec) && $media_lines_position >= 0) { - $media_rec = _handleRecent(@$media_lines[$media_lines_position], $ns, $flags, $seen); + $media_rec = _handleRecent(@$media_lines[$media_lines_position], $ns, $flags | RECENTS_MEDIA_CHANGES, $seen); if (!$media_rec) { $media_lines_position --; continue; @@ -312,11 +312,16 @@ function _handleRecent($line,$ns,$flags,&$seen){ if (($flags & RECENTS_SKIP_SUBSPACES) && (getNS($recent['id']) != $ns)) return false; // check ACL - $recent['perms'] = auth_quickaclcheck($recent['id']); + if ($flags & RECENTS_MEDIA_CHANGES) { + $recent['perms'] = auth_quickaclcheck(getNS($recent['id']).':*'); + } else { + $recent['perms'] = auth_quickaclcheck($recent['id']); + } if ($recent['perms'] < AUTH_READ) return false; // check existance - if(!@file_exists(wikiFN($recent['id'])) && !@file_exists(mediaFN($recent['id'])) && $flags & RECENTS_SKIP_DELETED) return false; + $fn = (($flags & RECENTS_MEDIA_CHANGES) ? mediaFN($recent['id']) : wikiFN($recent['id'])); + if((!@file_exists($fn)) && ($flags & RECENTS_SKIP_DELETED)) return false; return $recent; } |