Critical: Permissions were not correctly checked before fetching wiki pages.

*All wiki pages where public since last release*

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>

diff --git a/classes/plwikipage.php b/classes/plwikipage.php
index 787b293..e60b21a 100644 (file)
--- a/classes/plwikipage.php
+++ b/classes/plwikipage.php
@@ -421,11 +421,16 @@ class PlWikiPage
           case 'public':
             return;
           case 'logged':
-            Platal::session()->start(AUTH_PUBLIC + 1);
-            return;
+            $ok = Platal::session()->start(AUTH_PUBLIC + 1);
+            break;
           default:
-            Platal::session()->start(Platal::session()->sureLevel());
-            return;
+            $ok = Platal::session()->start(Platal::session()->sureLevel());
+            break;
+        }
+        if (!$ok) {
+            global $platal;
+            $page =& Platal::page();
+            $platal->force_login($page);
         }
     }