From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Fri, 17 Sep 2010 12:20:34 +0000 (+0200)
Subject: Fix an error in permission handling: all pages where accessible without
X-Git-Tag: core/1.1.1~30^2~1
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=a86feb8996e9314291a5ab24d900d0193782681b;p=platal.git

Fix an error in permission handling: all pages where accessible without
admin permission.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---

diff --git a/SECURITY b/SECURITY
index 47f39de..2b311cf 100644
--- a/SECURITY
+++ b/SECURITY
@@ -12,4 +12,4 @@
 # The commit id should refer to the id in the "core" branch, if the initial
 # commit in a version branch had another name.
 
-# Hurray! No security holes have been found yet :)
+2010-09-17 00000000 Fix an error in permission handling: all pages where accessible without admin permission.
diff --git a/classes/platal.php b/classes/platal.php
index 06002ed..d3bb3e4 100644
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -72,7 +72,7 @@ abstract class PlHook
             }
         }
         if (!$this->checkPerms()) {
-            if (!Platal::notAllowed()) {
+            if (Platal::notAllowed()) {
                 return PL_FORBIDDEN;
             }
         }