From a86feb8996e9314291a5ab24d900d0193782681b Mon Sep 17 00:00:00 2001
From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Fri, 17 Sep 2010 14:20:34 +0200
Subject: [PATCH] Fix an error in permission handling: all pages where
 accessible without admin permission.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---
 SECURITY           | 2 +-
 classes/platal.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/SECURITY b/SECURITY
index 47f39de..2b311cf 100644
--- a/SECURITY
+++ b/SECURITY
@@ -12,4 +12,4 @@
 # The commit id should refer to the id in the "core" branch, if the initial
 # commit in a version branch had another name.
 
-# Hurray! No security holes have been found yet :)
+2010-09-17 00000000 Fix an error in permission handling: all pages where accessible without admin permission.
diff --git a/classes/platal.php b/classes/platal.php
index 06002ed..d3bb3e4 100644
--- a/classes/platal.php
+++ b/classes/platal.php
@@ -72,7 +72,7 @@ abstract class PlHook
             }
         }
         if (!$this->checkPerms()) {
-            if (!Platal::notAllowed()) {
+            if (Platal::notAllowed()) {
                 return PL_FORBIDDEN;
             }
         }
-- 
2.1.4