phpBMS

Show
Ignore:
Timestamp:
01/07/10 11:16:05 (2 years ago)
Author:
brieb
Message:
  • Added more rights look ups to certain pages
  • Fixed several path disclosure errors
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/phpbms/modules/base/notes_addedit.php

    r703 r727  
    3737 +-------------------------------------------------------------------------+ 
    3838*/ 
    39 //var_dump($_POST); 
    40 //exit; 
     39 
    4140        require_once("../../include/session.php"); 
    4241        require_once("include/fields.php"); 
     
    5857        $thetable = new notes($db, "tbld:a4cdd991-cf0a-916f-1240-49428ea1bdd1", $backurl); 
    5958        $therecord = $thetable->processAddEditPage(); 
     59 
     60        if($therecord["private"] && $therecord["createdby"] != $_SESSION["userinfo"]["id"] && !$_SESSION["userinfo"]["admin"]) 
     61            goURL("../../noaccess.php"); 
    6062 
    6163        if(isset($therecord["phpbmsStatus"])) 
phpBMS vulnerability assesment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.