[ic] Re: Security hole in IC admin
Another change. Because why should the patch for page_save be correct?
Like the first do_view patch, it repelled would-be vandals, but failed to
properly display the error message. Here's the correct version.
Jon
Index: page_save.html
===================================================================
RCS file: /anon_cvs/repository/interchange/dist/lib/UI/pages/admin/page_save.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- page_save.html 2000/12/07 22:53:23 1.6
+++ page_save.html 2001/04/14 22:28:29 1.7
@@ -1,3 +1,11 @@
+[if !session admin]
+[or !session logged_in]
+[then]
+ [set ui_error]Must be logged in as admin.[/set]
+ [bounce page="__UI_BASE__/error"]
+[/then]
+[/if]
+
[perl]
my @filters = grep /^ui_filter:/, keys %$CGI;
foreach my $key (@filters) {
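Review bot: The new guard at the top of page_save.html protects the save logic only if page interpretation stops at `[bounce page="__UI_BASE__/error"]`. The `[perl]` block that follows the closing `[/if]` sits outside the conditional, so if anything after the bounce is still interpreted when the check fails, the filter and save code would run for a session that is not an admin. Please confirm that behaviour, or make it explicit by putting the remainder of the page in an `[else]` branch. Separately, this is the second page to receive a hand-copied check (after do_view), so a shared include, or at least a comment saying every page under pages/admin needs it, would make it harder to miss the next one.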
<end>
_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users