Fix an error in permission handling: all pages where accessible without

author Florent Bruneau <florent.bruneau@polytechnique.org>

Fri, 17 Sep 2010 12:20:34 +0000 (14:20 +0200)

committer Florent Bruneau <florent.bruneau@polytechnique.org>

Fri, 17 Sep 2010 12:30:58 +0000 (14:30 +0200)
author Florent Bruneau <florent.bruneau@polytechnique.org>
Fri, 17 Sep 2010 12:20:34 +0000 (14:20 +0200)
committer Florent Bruneau <florent.bruneau@polytechnique.org>
Fri, 17 Sep 2010 12:30:58 +0000 (14:30 +0200)
diff --git a/SECURITY b/SECURITY

index 47f39de..2b311cf 100644 (file)
--- a/SECURITY
+++ b/SECURITY
@@ -12,4 +12,4 @@
  # The commit id should refer to the id in the "core" branch, if the initial
  # commit in a version branch had another name.
  
-# Hurray! No security holes have been found yet :)
+2010-09-17 00000000 Fix an error in permission handling: all pages where accessible without admin permission.
diff --git a/classes/platal.php b/classes/platal.php

index 06002ed..d3bb3e4 100644 (file)
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -72,7 +72,7 @@ abstract class PlHook
              }
          }
          if (!$this->checkPerms()) {
-            if (!Platal::notAllowed()) {
+            if (Platal::notAllowed()) {
                  return PL_FORBIDDEN;
              }
          }
author	Florent Bruneau <florent.bruneau@polytechnique.org>
	Fri, 17 Sep 2010 12:20:34 +0000 (14:20 +0200)
committer	Florent Bruneau <florent.bruneau@polytechnique.org>
	Fri, 17 Sep 2010 12:30:58 +0000 (14:30 +0200)
SECURITY		patch \| blob \| blame \| history
classes/platal.php		patch \| blob \| blame \| history