diff options
| author | Andreas Gohr <gohr@cosmocode.de> | 2009-11-23 17:16:03 +0100 |
|---|---|---|
| committer | Adrian Lang <lang@cosmocode.de> | 2010-01-20 10:53:23 +0100 |
| commit | 3a5a6f4fe4a9f768f5c6418ba0694d67594ed701 (patch) | |
| tree | 1611a72e06ba44e9eddeb638c2441bf08b90df5b /lib/exe | |
| parent | 0314c21ae6c0eb9878650ad0e7aa4ad53be734b4 (diff) | |
| download | rpg-3a5a6f4fe4a9f768f5c6418ba0694d67594ed701.tar.gz rpg-3a5a6f4fe4a9f768f5c6418ba0694d67594ed701.tar.bz2 | |
correctly handle permissions in digest mailer
Ignore-this: c34455078907459a846cf7f00e2b586b
darcs-hash:20091123161603-6e07b-927477d6ca50e665228487eb0d3ce9787dbe455b.gz
Diffstat (limited to 'lib/exe')
| -rw-r--r-- | lib/exe/indexer.php | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/lib/exe/indexer.php b/lib/exe/indexer.php index 70aa607a9..1766c54f1 100644 --- a/lib/exe/indexer.php +++ b/lib/exe/indexer.php @@ -342,19 +342,24 @@ function runSitemapper(){ * @author Adrian Lang <lang@cosmocode.de> */ function sendDigest() { - require_once DOKU_INC . 'inc/subscription.php'; echo 'sendDigest(): start'.NL; global $ID; global $conf; if (!$conf['subscribers']) { return; } - + require_once DOKU_INC . 'inc/subscription.php'; $subscriptions = subscription_find($ID, array('style' => '(digest|list)', 'escaped' => true)); global $auth; global $lang; global $conf; + global $USERINFO; + + // remember current user info + $olduinfo = $USERINFO; + $olduser = $_SERVER['REMOTE_USER']; + foreach($subscriptions as $id => $users) { foreach($users as $data) { list($user, $style, $lastupdate) = $data; @@ -363,13 +368,11 @@ function sendDigest() { // Less than a day passed since last update. continue; } - // TODO: Does that suffice for namespaces? - $info = $auth->getUserData($user); - if ($info === false) { - continue; - } - $level = auth_aclcheck($id, $user, $info['grps']); - if ($level < AUTH_READ) { + + // Work as the user to make sure ACLs apply correctly + $USERINFO = $auth->getUserData($user); + $_SERVER['REMOTE_USER'] = $user; + if ($USERINFO === false) { continue; } @@ -389,6 +392,8 @@ function sendDigest() { } // TODO: Handle duplicate subscriptions. } else { + if(auth_quickacl($id) < AUTH_READ) continue; + $meta = p_get_metadata($id); $rev = $meta['last_change']['date']; if ($rev < $lastupdate) { @@ -402,6 +407,10 @@ function sendDigest() { subscription_set($user, $id, $style, time(), true); } } + + // restore current user info + $USERINFO = $olduinfo; + $_SERVER['REMOTE_USER'] = $olduser; } /** |