From 42025dfd31bb5f331c665ae7dbb016fac993d52d Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Sun, 21 Aug 2011 01:01:59 +0200 Subject: Fix the permission and file existence check in the recent changes Before it was possible that changes for media files the user can't access were shown if the user could access a page with the same name. This also reverts the file existence check so it now really checks for media changes that the media file exists and for page changes the page and that not one of the two suffice for both. --- inc/changelog.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'inc/changelog.php') diff --git a/inc/changelog.php b/inc/changelog.php index 395e793c1..fea39f9f7 100644 --- a/inc/changelog.php +++ b/inc/changelog.php @@ -188,14 +188,14 @@ function getRecents($first,$num,$ns='',$flags=0){ // handle lines while ($lines_position >= 0 || (($flags & RECENTS_MEDIA_PAGES_MIXED) && $media_lines_position >=0)) { if (empty($rec) && $lines_position >= 0) { - $rec = _handleRecent(@$lines[$lines_position], $ns, $flags, $seen); + $rec = _handleRecent(@$lines[$lines_position], $ns, $flags & ~RECENTS_MEDIA_CHANGES, $seen); if (!$rec) { $lines_position --; continue; } } if (($flags & RECENTS_MEDIA_PAGES_MIXED) && empty($media_rec) && $media_lines_position >= 0) { - $media_rec = _handleRecent(@$media_lines[$media_lines_position], $ns, $flags, $seen); + $media_rec = _handleRecent(@$media_lines[$media_lines_position], $ns, $flags | RECENTS_MEDIA_CHANGES, $seen); if (!$media_rec) { $media_lines_position --; continue; @@ -312,11 +312,16 @@ function _handleRecent($line,$ns,$flags,&$seen){ if (($flags & RECENTS_SKIP_SUBSPACES) && (getNS($recent['id']) != $ns)) return false; // check ACL - $recent['perms'] = auth_quickaclcheck($recent['id']); + if ($flags & RECENTS_MEDIA_CHANGES) { + $recent['perms'] = auth_quickaclcheck(getNS($recent['id']).':*'); + } else { + $recent['perms'] = auth_quickaclcheck($recent['id']); + } if ($recent['perms'] < AUTH_READ) return false; // check existance - if(!@file_exists(wikiFN($recent['id'])) && !@file_exists(mediaFN($recent['id'])) && $flags & RECENTS_SKIP_DELETED) return false; + $fn = (($flags & RECENTS_MEDIA_CHANGES) ? mediaFN($recent['id']) : wikiFN($recent['id'])); + if((!@file_exists($fn)) && ($flags & RECENTS_SKIP_DELETED)) return false; return $recent; } -- cgit v1.2.3