From 4f67da27edb0f631a7af1ccf5aa6e7ead84332dc Mon Sep 17 00:00:00 2001
From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Thu, 18 Dec 2008 23:26:11 +0100
Subject: [PATCH] Critical: Permissions were not correctly checked before
 fetching wiki pages.

*All wiki pages where public since last release*

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---
 classes/plwikipage.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/classes/plwikipage.php b/classes/plwikipage.php
index 787b293..e60b21a 100644
--- a/classes/plwikipage.php
+++ b/classes/plwikipage.php
@@ -421,11 +421,16 @@ class PlWikiPage
           case 'public':
             return;
           case 'logged':
-            Platal::session()->start(AUTH_PUBLIC + 1);
-            return;
+            $ok = Platal::session()->start(AUTH_PUBLIC + 1);
+            break;
           default:
-            Platal::session()->start(Platal::session()->sureLevel());
-            return;
+            $ok = Platal::session()->start(Platal::session()->sureLevel());
+            break;
+        }
+        if (!$ok) {
+            global $platal;
+            $page =& Platal::page();
+            $platal->force_login($page);
         }
     }
 
-- 
2.1.4