diff options
| -rw-r--r-- | inc/fulltext.php | 28 | ||||
| -rw-r--r-- | inc/indexer.php | 3 |
2 files changed, 31 insertions, 0 deletions
diff --git a/inc/fulltext.php b/inc/fulltext.php index ff29f9deb..3940bc0c4 100644 --- a/inc/fulltext.php +++ b/inc/fulltext.php @@ -70,6 +70,15 @@ function ft_pageSearch($query,&$poswords){ if(!count($docs)) return array(); + // check ACL permissions + foreach(array_keys($docs) as $doc){ + if(auth_quickaclcheck($doc) < AUTH_READ){ + unset($docs[$doc]); + } + } + + if(!count($docs)) return array(); + // if there are any hits left, sort them by count arsort($docs); @@ -114,6 +123,15 @@ function ft_backlinks($id){ } } + if(!count($result)) return $result; + + // check ACL permissions + foreach(array_keys($result) as $idx){ + if(auth_quickaclcheck($result[$idx]) < AUTH_READ){ + unset($result[$idx]); + } + } + sort($result); return $result; } @@ -145,6 +163,16 @@ function ft_pageLookup($id,$pageonly=true){ continue; } } + + if(!count($pages)) return array(); + + // check ACL permissions + foreach(array_keys($pages) as $idx){ + if(auth_quickaclcheck($pages[$idx]) < AUTH_READ){ + unset($pages[$idx]); + } + } + sort($pages); return $pages; } diff --git a/inc/indexer.php b/inc/indexer.php index ce58f47a7..747463d0f 100644 --- a/inc/indexer.php +++ b/inc/indexer.php @@ -199,6 +199,9 @@ function idx_writeIndexLine($fh,$line,$pid,$count){ * Takes an array of word and will return a list of matching * documents for each one. * + * Important: No ACL checking is done here! All results are + * returned, regardless of permissions + * * @author Andreas Gohr <andi@splitbrain.org> */ function idx_lookup($words){ |