[Fusionforge-general] [Fusionforge-commits] r16200 - in branches: Branch_5_1/src/common/include Branch_5_1/src/debian Branch_5_1/src/www/include Branch_5_1/src/www/top Branch_5_2/src/common/include Branch_5_2/src/debian Branch_5_2/src/www/include Branch_5_2/src/www/top wheezy/common/include wheezy/debian wheezy/www/include wheezy/www/top
Franck Villaume
franck.villaume at trivialdev.com
Mon Sep 3 19:56:54 CEST 2012
Le 03/09/2012 14:09, Thorsten Glaser a écrit :
> Author: mirabilos
> Date: 2012-09-03 14:09:31 +0200 (Mon, 03 Sep 2012)
> New Revision: 16200
>
> Modified:
> branches/Branch_5_1/src/common/include/Stats.class.php
> branches/Branch_5_1/src/debian/changelog
> branches/Branch_5_1/src/www/include/user_home.php
> branches/Branch_5_1/src/www/top/toplist.php
> branches/Branch_5_2/src/common/include/Stats.class.php
> branches/Branch_5_2/src/debian/changelog
> branches/Branch_5_2/src/www/include/user_home.php
> branches/Branch_5_2/src/www/top/toplist.php
> branches/wheezy/common/include/Stats.class.php
> branches/wheezy/debian/changelog
> branches/wheezy/www/include/user_home.php
> branches/wheezy/www/top/toplist.php
> Log:
> SECURITY: Do not disclose inaccessible groups on user_home/toplist
Hi, user_home was already fixed in 5.2.
But your fix is nicer than mine. I removed my code, since you simply added
your code on top of mine.
Check r16201 in Branch_5_2
Bye,
nerville
>
> Modified: branches/Branch_5_2/src/www/include/user_home.php
> ===================================================================
> --- branches/Branch_5_2/src/www/include/user_home.php 2012-09-03 11:17:58 UTC (rev 16199)
> +++ branches/Branch_5_2/src/www/include/user_home.php 2012-09-03 12:09:31 UTC (rev 16200)
> @@ -6,7 +6,8 @@
> * Copyright 2010, FusionForge Team
> * Copyright (C) 2011 Alain Peyrat - Alcatel-Lucent
> * Copyright 2012, Franck Villaume - TrivialDev
> - * http://fusionforge.org
> + * Copyright © 2012
> + * Thorsten Glaser <t.glaser at tarent.de>
> *
> * This file is part of FusionForge. FusionForge is free software;
> * you can redistribute it and/or modify it under the terms of the
> @@ -36,7 +37,7 @@
> $title = _('User Profile');
> $HTML->header(array('title'=>$title));
>
> -echo $HTML->boxTop(_('Personal Information'), _('Personal Information'));
> +echo $HTML->boxTop(_('Personal Information'), _('Personal Information'));
>
> ?>
>
> @@ -44,9 +45,9 @@
>
>
> <?php
> -
> +
> echo user_personal_information($user);
> -
> +
> if (forge_get_config('use_ratings')) {
> echo $HTML->boxMiddle(_('Peer Rating'), _('Peer Rating'));
> echo '<table class="my-layout-table" id="user-profile-rating">';
> @@ -105,6 +106,10 @@
> print "<p>"._('This developer is a member of the following projects:')."</p>\n";
>
> foreach ($projects as $p) {
> + if (!forge_check_perm('project_read', $p->getID())) {
> + continue;
> + }
> +
> $display = 0;
> if (!$p->isPublic()) {
> $currentUser = session_get_user();
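Review bot: The `forge_check_perm('project_read', $p->getID())` filter runs inside the `foreach`, after the "This developer is a member of the following projects:" paragraph has already been printed. If every project is skipped for the current viewer, the page still shows that heading above an empty list, which confirms that the user has memberships the viewer is not allowed to see. Filtering before the heading closes that gap, e.g. `$projects = array_filter($projects, function ($p) { return forge_check_perm('project_read', $p->getID()); });` placed ahead of whatever emptiness test guards this section. That guard and the rest of the loop body are outside the hunk, so the rendering of the empty case should be confirmed against the full file.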
> @@ -202,5 +207,3 @@
> // mode: php
> // c-file-style: "bsd"
> // End:
> -
> -?>
>
--
TrivialDev Founder
http://trivialdev.com