[Fusionforge-commits] r12693 - in branches/Branch_5_1/src: common/forum www/forum
Alain Peyrat
aljeux at fusionforge.org
Fri Mar 11 18:10:13 CET 2011
Author: aljeux
Date: 2011-03-11 18:10:13 +0100 (Fri, 11 Mar 2011)
New Revision: 12693
Modified:
branches/Branch_5_1/src/common/forum/Forum.class.php
branches/Branch_5_1/src/www/forum/myforums.php
Log:
Use group_id in forums to secure requested informations.
Modified: branches/Branch_5_1/src/common/forum/Forum.class.php
===================================================================
--- branches/Branch_5_1/src/common/forum/Forum.class.php 2011-03-11 17:10:04 UTC (rev 12692)
+++ branches/Branch_5_1/src/common/forum/Forum.class.php 2011-03-11 17:10:13 UTC (rev 12693)
@@ -5,6 +5,7 @@
* Copyright 1999-2000, Tim Perdue/Sourceforge
* Copyright 2002, Tim Perdue/GForge, LLC
* Copyright 2009, Roland Mas
+ * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
*
* This file is part of FusionForge.
*
@@ -237,8 +238,8 @@
* @return boolean success.
*/
function fetchData($group_forum_id) {
- $res = db_query_params ('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1',
- array ($group_forum_id)) ;
+ $res=db_query_params('SELECT * FROM forum_group_list_vw WHERE group_forum_id=$1 AND group_id=$2',
+ array($group_forum_id, $this->Group->getID()));
if (!$res || db_numrows($res) < 1) {
$this->setError(_('Invalid forum group identifier'));
return false;
Modified: branches/Branch_5_1/src/www/forum/myforums.php
===================================================================
--- branches/Branch_5_1/src/www/forum/myforums.php 2011-03-11 17:10:04 UTC (rev 12692)
+++ branches/Branch_5_1/src/www/forum/myforums.php 2011-03-11 17:10:13 UTC (rev 12693)
@@ -7,6 +7,7 @@
* The rest Copyright 2002-2004 (c) GForge Team
* Copyright 2005 (c) - Daniel Perez
* Copyright 2010 (c) Franck Villaume - Capgemini
+ * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
* http://fusionforge.org/
*
* This file is part of FusionForge.
@@ -152,8 +153,8 @@
$date = $f->getMostRecentDate()? date(_('Y-m-d H:i'),$f->getMostRecentDate()) : '';
echo '<tr '. $HTML->boxGetAltRowStyle($j++) . '>
<td>' . $this_forum_group->getPublicName() . '</td>
- <td><a href="forum.php?forum_id='. $f->getID() .'">'.
- html_image("ic/forum20w.png","20","20") .
+ <td><a href="forum.php?forum_id='. $f->getID() .'&group_id='.$this_forum_group->getID().'">'.
+ html_image('ic/forum20w.png') .
' ' .
$f->getName() .'</a></td>
<td style="text-align:center">'.$f->getThreadCount().'</td>
More information about the Fusionforge-commits
mailing list