claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check that users can view applications and versions before displaying them. Present an error message if they lack permission. Fixes a bug where we were allowing users to view applications and versions that were rejected.

Browse Source
This commit is contained in:
Chris Morgan
2006-01-13 03:05:06 +00:00
committed by WineHQ
parent 8786179180
commit 2be058a66d
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
appview.php
View File

@@ -191,6 +191,13 @@ if($_REQUEST['appId'])
{ {
$oApp = new Application($_REQUEST['appId']); $oApp = new Application($_REQUEST['appId']);
/* is this user supposed to view this version? */
if(!$_SESSION['current']->canViewApplication($oApp))
{
errorpage("Something went wrong with the application or version id");
exit;
}
// show Vote Menu // show Vote Menu
if($_SESSION['current']->isLoggedIn()) if($_SESSION['current']->isLoggedIn())
apidb_sidebar_add("vote_menu"); apidb_sidebar_add("vote_menu");
@@ -329,6 +336,14 @@ if($_REQUEST['appId'])
else if($_REQUEST['versionId']) else if($_REQUEST['versionId'])
{ {
$oVersion = new Version($_REQUEST['versionId']); $oVersion = new Version($_REQUEST['versionId']);
/* is this user supposed to view this version? */
if(!$_SESSION['current']->canViewVersion($oVersion))
{
errorpage("Something went wrong with the application or version id");
exit;
}
$oApp = new Application($oVersion->iAppId); $oApp = new Application($oVersion->iAppId);
if(!$oApp->iAppId) if(!$oApp->iAppId)
{ {