[Fusionforge-commits] FusionForge branch 6.0 updated. v6.0.3-58-gee4d671

Sylvain Beucler beuc-inria at libremir.placard.fr.eu.org
Fri Dec 18 14:39:57 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, 6.0 has been updated
       via  ee4d67136ab936c6f2632d2e505bd86175d918bb (commit)
      from  89ba2186cc26a0bbc1eee05092c7de3bef20218e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=ee4d67136ab936c6f2632d2e505bd86175d918bb

commit ee4d67136ab936c6f2632d2e505bd86175d918bb
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date:   Fri Dec 18 14:14:37 2015 +0100

    rss: quick fix to prevent private PM infoleak

diff --git a/src/www/export/rss20_tasks.php b/src/www/export/rss20_tasks.php
index d0104b8..81b8dfc 100644
--- a/src/www/export/rss20_tasks.php
+++ b/src/www/export/rss20_tasks.php
@@ -72,6 +72,8 @@ if(isset($projects[0]))
 {
 	foreach($projects AS $project)
 	{
+		session_require_perm('pm', $project, 'read');
+
 		$project_sq.=" OR (group_project_id = '".$project."')";
 		/*$sql="SELECT project_name,group_id FROM project_group_list WHERE group_project_id='".$project."'";
 		$res=pg_query($sql);

-----------------------------------------------------------------------

Summary of changes:
 src/www/export/rss20_tasks.php | 2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
FusionForge



More information about the Fusionforge-commits mailing list