/trunk/wb/admin/pages/delete.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 319

Added permission check to admin/pages/add.php to fix ticket #68. Also used get_page_permission, get_user_details, get_page_details in some places.

     require_once(WB_PATH.'/framework/functions.php');
     // Get perms
     $results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
     $results_array = $results->fetchRow();
     if (!$admin->get_page_permission($page_id,'admin')) {
     	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
+    }
     // Find out more about the page
     $query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
-...
     if($results->numRows() == 0) {
     	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+    }
     $results_array = $results->fetchRow();
     $old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
     $old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
     if(!is_numeric(array_search($admin->get_group_id(), $old_admin_groups)) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
     	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
+    }
     $visibility = $results_array['visibility'];

Also available in: Unified diff