Topics are shown regardless of permission
  • Posted: 10.02.2006, 00:31
     
    Converted
    I'll bet this has already been fixed; in:

    function photosharePNGetTopics($currentTopic)

    you should check that the user has access to the topics being returned.

    For example, change:

    Code

    $sql = "SELECT $topicsColumn[tid],
                   $topicsColumn[topictext]
            FROM $topicsTable
            ORDER BY $topicsColumn[topictext]";


    to

    Code

    // topicname is also selected so it can be used in the permission check below
    $sql = "SELECT $topicsColumn[tid],
                   $topicsColumn[topictext],
                   $topicsColumn[topicname]
            FROM $topicsTable
            ORDER BY $topicsColumn[topictext]";


    and later in the same function, change this:

    Code

    for (; !$result->EOF; $result->MoveNext())
    {
        $topics[] = array('id' => $result->fields[0],
                          'name' => $result->fields[1],
                          'selected' => ($result->fields[0] == $currentTopic));
    }


    to

    Code

    for (; !$result->EOF; $result->MoveNext())
    {
        // Only return topics the current user has read access to
        // (instance string is "topicname::tid")
        if (pnSecAuthAction(0, 'Topics::Topic', $result->fields[2]."::".$result->fields[0], ACCESS_READ)) {
            $topics[] = array('id' => $result->fields[0],
                              'name' => $result->fields[1],
                              'selected' => ($result->fields[0] == $currentTopic));
        }
    }
