From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Thu, 18 Dec 2008 22:26:11 +0000 (+0100)
Subject: Critical: Permissions were not correctly checked before fetching wiki pages.
X-Git-Tag: core/1.0.1~11^2~8
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=4f67da27edb0f631a7af1ccf5aa6e7ead84332dc;p=platal.git

Critical: Permissions were not correctly checked before fetching wiki pages.

*All wiki pages where public since last release*

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/classes/plwikipage.php b/classes/plwikipage.php
index 787b293..e60b21a 100644
--- a/classes/plwikipage.php
+++ b/classes/plwikipage.php
@@ -421,11 +421,16 @@ class PlWikiPage
           case 'public':
             return;
           case 'logged':
-            Platal::session()->start(AUTH_PUBLIC + 1);
-            return;
+            $ok = Platal::session()->start(AUTH_PUBLIC + 1);
+            break;
           default:
-            Platal::session()->start(Platal::session()->sureLevel());
-            return;
+            $ok = Platal::session()->start(Platal::session()->sureLevel());
+            break;
+        }
+        if (!$ok) {
+            global $platal;
+            $page =& Platal::page();
+            $platal->force_login($page);
         }
     }