[Fusionforge-commits] r12693 - in branches/Branch_5_1/src: common/forum www/forum

Alain Peyrat aljeux at fusionforge.org
Fri Mar 11 18:10:13 CET 2011


Author: aljeux
Date: 2011-03-11 18:10:13 +0100 (Fri, 11 Mar 2011)
New Revision: 12693

Modified:
   branches/Branch_5_1/src/common/forum/Forum.class.php
   branches/Branch_5_1/src/www/forum/myforums.php
Log:
Use group_id in forums to secure the requested information.

Modified: branches/Branch_5_1/src/common/forum/Forum.class.php
===================================================================
--- branches/Branch_5_1/src/common/forum/Forum.class.php	2011-03-11 17:10:04 UTC (rev 12692)
+++ branches/Branch_5_1/src/common/forum/Forum.class.php	2011-03-11 17:10:13 UTC (rev 12693)
@@ -5,6 +5,7 @@
  * Copyright 1999-2000, Tim Perdue/Sourceforge
  * Copyright 2002, Tim Perdue/GForge, LLC
  * Copyright 2009, Roland Mas
+ * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
  *
  * This file is part of FusionForge.
  *
@@ -237,8 +238,8 @@
 	 *	@return	boolean	success.
 	 */
 	function fetchData($group_forum_id) {
-		$res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
-					array ($group_forum_id)) ;
+		$res=db_query_params('SELECT * FROM forum_group_list_vw	WHERE group_forum_id=$1 AND group_id=$2',
+			array($group_forum_id, $this->Group->getID()));
 		if (!$res || db_numrows($res) < 1) {
 			$this->setError(_('Invalid forum group identifier'));
 			return false;
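Review bot: The added `group_id=$2` predicate in fetchData() isolates forums between projects only if `$this->Group` is the group the caller has already been permission-checked against, and nothing in this hunk shows where `$this->Group` is set or validated. The docblock should state that contract, for example `Only loads the forum when it belongs to $this->Group; callers must have authorized access to that group first.` The new SQL literal also has a stray tab between `forum_group_list_vw` and `WHERE`; it does not affect the query, but a single space would match the rest of the file. The body of fetchData() continues outside the hunk.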

Modified: branches/Branch_5_1/src/www/forum/myforums.php
===================================================================
--- branches/Branch_5_1/src/www/forum/myforums.php	2011-03-11 17:10:04 UTC (rev 12692)
+++ branches/Branch_5_1/src/www/forum/myforums.php	2011-03-11 17:10:13 UTC (rev 12693)
@@ -7,6 +7,7 @@
  * The rest Copyright 2002-2004 (c) GForge Team
  * Copyright 2005 (c) - Daniel Perez
  * Copyright 2010 (c) Franck Villaume - Capgemini
+ * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
  * http://fusionforge.org/
  *
  * This file is part of FusionForge.
@@ -152,8 +153,8 @@
 		$date = $f->getMostRecentDate()? date(_('Y-m-d H:i'),$f->getMostRecentDate()) : '';
 		echo '<tr '. $HTML->boxGetAltRowStyle($j++) . '>
 			<td>' . $this_forum_group->getPublicName() . '</td>
-			<td><a href="forum.php?forum_id='. $f->getID() .'">'.
-			html_image("ic/forum20w.png","20","20") .
+			<td><a href="forum.php?forum_id='. $f->getID() .'&group_id='.$this_forum_group->getID().'">'.
+			html_image('ic/forum20w.png') .
 			' ' .
 			$f->getName() .'</a></td>
 			<td style="text-align:center">'.$f->getThreadCount().'</td>
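Review bot: The query string added to the `forum.php` link puts a bare `&` inside the `href` attribute; in HTML/XHTML output it should be entity-encoded, i.e. `'&amp;group_id='.$this_forum_group->getID().'">'.`. Because group_id now travels in the URL, it is client-controlled by the time forum.php reads it, so the protection depends on forum.php checking the user's permission on that group before loading the forum, and that code is not part of this diff. Any other pages that link to forum.php with only `forum_id` would presumably need the same parameter. The enclosing loop starts and ends outside the hunk.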



