[geeklog-cvs] geeklog-1.3/public_html article.php,1.31,1.32
geeklog-cvs-admin at lists.geeklog.net
geeklog-cvs-admin at lists.geeklog.net
Sat Jun 21 16:47:14 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory internal.geeklog.net:/tmp/cvs-serv29739
Modified Files:
article.php
Log Message:
Prevent access to stories that have the draft flag set (unless the current user has story.edit permission). Also added support for the '_msg_block' template override and did some source code cosmetics ...
Index: article.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/article.php,v
retrieving revision 1.31
retrieving revision 1.32
diff -C2 -d -r1.31 -r1.32
*** article.php 20 Jan 2003 19:10:44 -0000 1.31
--- article.php 21 Jun 2003 20:47:12 -0000 1.32
***************
*** 6,16 ****
// +---------------------------------------------------------------------------+
// | article.php |
- // | Shows articles in various formats. |
// | |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000,2001 by the following authors: |
// | |
! // | Authors: Tony Bibbs, tony at tonybibbs.com |
! // | Jason Whitttenburg, jwhitten at securitygeeks.com |
// +---------------------------------------------------------------------------+
// | |
--- 6,17 ----
// +---------------------------------------------------------------------------+
// | article.php |
// | |
+ // | Shows articles in various formats. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Jason Whittenburg - jwhitten at securitygeeks.com |
! // | Dirk Haun - dirk at haun-online.de |
// +---------------------------------------------------------------------------+
// | |
***************
*** 63,69 ****
if ($type == 'poll') {
! $result = DB_query("SELECT count(*) as count FROM {$_TABLES['pollquestions']} WHERE qid = '$story'");
} else {
! $result = DB_query("SELECT count(*) as count FROM {$_TABLES['stories']} WHERE sid = '$story'");
}
$A = DB_fetchArray($result);
--- 64,70 ----
if ($type == 'poll') {
! $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['pollquestions']} WHERE qid = '$story'");
} else {
! $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE sid = '$story'");
}
$A = DB_fetchArray($result);
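Review bot: Both COUNT(*) queries still splice `$story` directly into the SQL string (`WHERE qid = '$story'` and `WHERE sid = '$story'`), and the story SELECT in the next hunk keeps the same pattern. Where `$story` is assigned is outside this hunk, so it may already be filtered. If it arrives from the request unescaped, it should be escaped or restricted to the characters a story id can contain before the `if ($type == 'poll')` line, for example `$story = addslashes ($story);`, taking care not to double-escape a value that is already quoted. The draft check added later in this commit depends on the row this id selects, so the lookup should be as strict as the check.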
***************
*** 71,77 ****
if ($A['count'] > 0) {
if ($reply == $LANG01[25]) {
! echo COM_refresh($_CONF['site_url'] . "/comment.php?sid=$story&pid=$pid&type=$type");
} else {
! $result = DB_query ("SELECT sid,uid,tid,title,introtext,bodytext,hits,comments,featured,show_topic_icon,commentcode,postmode,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,unix_timestamp(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$story'");
$A = DB_fetchArray ($result);
--- 72,79 ----
if ($A['count'] > 0) {
if ($reply == $LANG01[25]) {
! echo COM_refresh ($_CONF['site_url']
! . "/comment.php?sid=$story&pid=$pid&type=$type");
} else {
! $result = DB_query ("SELECT sid,uid,tid,title,introtext,bodytext,hits,comments,featured,draft_flag,show_topic_icon,commentcode,postmode,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,unix_timestamp(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$story'");
$A = DB_fetchArray ($result);
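Review bot: The re-wrapped `COM_refresh` call still builds the redirect URL from raw `$story`, `$pid` and `$type`, with none of them URL-encoded before going into the query string. Their origin is not visible in this hunk, but if they come from the request, they reach whatever markup COM_refresh emits unchanged. Since the line is being touched anyway, consider `. '/comment.php?sid=' . urlencode ($story) . '&pid=' . urlencode ($pid) . '&type=' . urlencode ($type));`. The surrounding `if`/`else` starts and ends outside this hunk.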
***************
*** 79,92 ****
$A['perm_owner'], $A['perm_group'], $A['perm_members'],
$A['perm_anon']);
! if (($access == 0) OR !SEC_hasTopicAccess ($A['tid'])) {
$display .= COM_siteHeader ('menu')
! . COM_startBlock ($LANG_ACCESS['accessdenied'])
. $LANG_ACCESS['storydenialmsg']
! . COM_endBlock ()
. COM_siteFooter ();
! } elseif (($mode == "print") && ($_CONF['hideprintericon'] == 0)) {
$story_template = new Template($_CONF['path_layout'] . 'article');
$story_template->set_file('article','printable.thtml');
! $story_template->set_var('page_title',$_CONF['site_name'] . ': ' . stripslashes($A['title']));
$story_template->set_var('story_title',stripslashes($A['title']));
$curtime = COM_getUserDateTimeFormat($A['day']);
--- 81,97 ----
$A['perm_owner'], $A['perm_group'], $A['perm_members'],
$A['perm_anon']);
! if (($access == 0) OR !SEC_hasTopicAccess ($A['tid']) OR
! (($A['draft_flag'] == 1) AND !SEC_hasRights ('story.edit'))) {
$display .= COM_siteHeader ('menu')
! . COM_startBlock ($LANG_ACCESS['accessdenied'], '',
! COM_getBlockTemplate ('_msg_block', 'header'))
. $LANG_ACCESS['storydenialmsg']
! . COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'))
. COM_siteFooter ();
! } elseif (($mode == 'print') && ($_CONF['hideprintericon'] == 0)) {
$story_template = new Template($_CONF['path_layout'] . 'article');
$story_template->set_file('article','printable.thtml');
! $story_template->set_var('page_title',
! $_CONF['site_name'] . ': ' . stripslashes($A['title']));
$story_template->set_var('story_title',stripslashes($A['title']));
$curtime = COM_getUserDateTimeFormat($A['day']);
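Review bot: The new `draft_flag` test sits only in this display branch, so the reply branch above it (`$reply == $LANG01[25]`, which redirects to comment.php) is taken without the draft check ever running. Whether comment.php and other pages that load a story by sid apply the same rule is not visible here and is worth confirming, otherwise a draft's comments or existence may still be reachable by id. A short comment above the condition, such as `// drafts are only visible to users with the story.edit right`, would record why the third clause is there. The if/elseif chain continues past the end of this hunk.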