author | Andreas Gohr <andi@splitbrain.org> | 2006-06-06 20:27:42 +0200 |
committer | Andreas Gohr <andi@splitbrain.org> | 2006-06-06 20:27:42 +0200 |
commit | 5f312baccd3f152f55bb9ce0364cc18a99191959 (patch) | |
tree | ece95657de8d03a9b34bad92fe0c05c5f620c081 | |
parent | f4f02a0fc609c9599c14acc0d1a430d80516e5a6 (diff) | |
Fix for privilege escalation bug #825
This rechecks all ACLs a second time before the template is called,
avoiding similar problems in the future.
darcs-hash:20060606182742-7ad00-375c7989c8357c8a051b4966d06dbfde356bedb5.gz
-rw-r--r-- | inc/actions.php | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/inc/actions.php b/inc/actions.php
index e1576c179..194beaad3 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -29,68 +29,68 @@ function act_dispatch(){
 //sanitize $ACT
 $ACT = act_clean($ACT);
-
+
 //check if searchword was given - else just show
 $s = cleanID($QUERY);
 if($ACT == 'search' && empty($s)){
 $ACT = 'show';
 }
-
+
 //login stuff
 if(in_array($ACT,array('login','logout')))
 $ACT = act_auth($ACT);
-
+
 //check if user is asking to (un)subscribe a page
 if($ACT == 'subscribe' || $ACT == 'unsubscribe')
 $ACT = act_subscription($ACT);
-
+
 //check permissions
 $ACT = act_permcheck($ACT);
-
+
 //register
 if($ACT == 'register' && register()){
 $ACT = 'login';
 }
-
+
 if ($ACT == 'resendpwd' && act_resendpwd()) {
 $ACT = 'login';
 }
-
+
 //update user profile
 if (($ACT == 'profile') && updateprofile()) {
 msg($lang['profchanged'],1);
 $ACT = 'show';
 }
-
+
 //save
 if($ACT == 'save')
 $ACT = act_save($ACT);
-
+
 //draft deletion
 if($ACT == 'draftdel')
 $ACT = act_draftdel($ACT);
-
+
 //draft saving on preview
 if($ACT == 'preview')
 $ACT = act_draftsave($ACT);
-
+
 //edit
 if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){
 $ACT = act_edit($ACT);
 }else{
 unlock($ID); //try to unlock
 }
-
+
 //handle export
 if(substr($ACT,0,7) == 'export_')
 $ACT = act_export($ACT);
-
+
 //display some infos
 if($ACT == 'check'){
 check();
 $ACT = 'show';
 }
-
+
 //handle admin tasks
 if($ACT == 'admin'){
 // retrieve admin plugin name from $_REQUEST['page']
@@ -103,10 +103,14 @@ function act_dispatch(){
 }
 }
 }
+
+ // check permissions again - the action may have changed
+ $ACT = act_permcheck($ACT);
 } // end event ACTION_ACT_PREPROCESS default action
 $evt->advise_after();
 unset($evt);
+
 //call template FIXME: all needed vars available?
 $headers[] = 'Content-Type: text/html; charset=utf-8';
 trigger_event('ACTION_HEADERS_SEND',$headers,act_sendheaders);
@@ -431,4 +435,4 @@ function act_subscription($act){
 return 'show';
 }
-//Setup VIM: ex: et ts=2 enc=utf-8 :
\ No newline at end of file
+//Setup VIM: ex: et ts=2 enc=utf-8 :
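Review bot: The second `$ACT = act_permcheck($ACT);` is placed before the `} // end event ACTION_ACT_PREPROCESS default action` line, i.e. inside the block that only runs when the default action handling executes, so an ACTION_ACT_PREPROCESS handler that takes over and sets `$ACT` itself would seem to reach the template without this recheck; whether a handler can actually suppress the default here depends on the `advise_before()` branch, which is outside the hunk. The commit message promises the recheck happens "before the template is called", which would be guaranteed by placing the call after `unset($evt);` instead, e.g. `unset($evt);` followed by `// final ACL check on whatever $ACT ended up as, regardless of who set it` and `$ACT = act_permcheck($ACT);`. The added comment would also help a later reader if it named the reason, e.g. `// defence in depth: the handlers above may rewrite $ACT (e.g. to 'show', 'edit' or an export action), so the ACL check on the original value no longer covers the action that will actually be rendered`. act_dispatch() starts and ends outside this hunk, and the hunk above it is whitespace-only.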