I have attached a patch which I think will solve
the problem. I am going to apply it to the latest
development trunk; however, you have to apply it
yourself to the CVS branch.
Dashamir
--- Jeremy Malcolm <[EMAIL PROTECTED]> wrote:
> Here's what I presume is another bug, but not one
> that I have a patch
> for. Go to http://www.malcolm.id.au/thesis/ and
> click on "Edit this
> page". It will let you, without authenticating you
> in any way.
>
> I don't particularly mind this (since it's a public
> wiki), but I don't
> think that is the designed behaviour, is it? I'm
> simply using
> "javascript:set_mode('edit')", which any random user
> could save into a
> copy of any DocBookWiki page (hence why it's a
> security hole for others).
>
> --
> Jeremy Malcolm LLB (Hons) B Com
> Internet and Open Source lawyer, IT consultant,
> actor
> host -t NAPTR 1.0.8.0.3.1.2.9.8.1.6.e164.org|awk -F!
> '{print $3}'
Index: templates/docbook/docbook.php
===================================================================
--- templates/docbook/docbook.php (revision 6)
+++ templates/docbook/docbook.php (working copy)
@@ -49,7 +49,16 @@
function on_set_mode($event_args)
{
$mode = $event_args['mode'];
- $this->setSVar('mode', $mode);
+ $access_vars = $this->get_access_vars();
+ $access_vars['view'] = 'true';
+ if ($access_vars[$mode] == 'true')
+ {
+ $this->setSVar('mode', $mode);
+ }
+ else
+ {
+ WebApp::message(T_("Don't have access."));
+ }
}
function on_set_lng($event_args)
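Review bot: $mode comes straight from the event arguments and is used as an array key in "if ($access_vars[$mode] == 'true')", so an unexpected mode name reads an undefined index and the result goes through a loose comparison. Suggest "isset($access_vars[$mode]) && $access_vars[$mode] === 'true'" so unknown modes are denied explicitly. The check also gates only the mode switch; the handlers that save or approve content are not touched by this patch and should test the same access vars, since the mode request originates on the client.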
@@ -101,7 +110,9 @@
WebApp::addVars($vars);
WebApp::addVar('toc_path', './');
- $this->add_button_vars();
+ //add the variables {{approve}} and {{edit}} which are used
+ //to display the buttons Approve and Edit.
+ WebApp::addVars($this->get_access_vars());
//add state vars
$arr_state = get_node_state();
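Review bot: the new comment above "WebApp::addVars($this->get_access_vars());" names only {{approve}} and {{edit}}, but the array documented for get_access_vars() also has the key 'admin', so {{admin}} is exported to the template as well. Mention it in the comment. It is also worth stating there that these variables only decide which buttons are displayed; the access decision itself is the check in on_set_mode().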
@@ -113,12 +124,13 @@
}
/**
- * Add the variables {{approve}} and {{edit}} which are used
- * to display the buttons Approve and Edit.
+ * Returns an associative array with keys 'edit', 'approve' and 'admin'
+ * and whith values 'true' or 'false', according to the access rights
+ * of the current user.
*/
- function add_button_vars()
+ function get_access_vars()
{
- $is_admin = WebApp::getVar('is_admin');
+ $is_admin = $this->is_admin();
if ( !defined('EDIT') )
{
//no buttons, if not in edit interface
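Review bot: get_access_vars() now calls "$this->is_admin()", but no hunk in this patch adds that method; confirm it already exists in this class or a parent, otherwise every call fails. The rename from add_button_vars() breaks any caller outside this file, so search for the old name before committing. The "if ( !defined('EDIT') )" branch must still reach the returned array rather than return early, because on_set_mode() now indexes the result. The doc comment has a typo ("whith").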
@@ -147,9 +159,8 @@
$admin = 'false';
}
- WebApp::addVar('edit', $edit);
- WebApp::addVar('approve', $approve);
- WebApp::addVar('admin', $admin);
+ $vars = array('edit'=>$edit, 'approve'=>$approve, 'admin'=>$admin);
+ return $vars;
}
/**