Empty commit

This commit is contained in:
Git 2016-01-05 08:00:28 +00:00
parent a4c3ae1184
commit 9f072764d3
4 changed files with 26 additions and 6 deletions


@ -1,5 +1,8 @@
CHANGE LOG
2016-01-03 by newman
Fix several permissions bugs
2015-12-24 by newman
Fix several XSS, SQLi, and misc vulnerabilities


@ -1,12 +1,20 @@
<?
//TODO: Redo HTML
if (!check_perms('admin_manage_permissions')) {
error(403);
}
if (!isset($_REQUEST['userid']) || !is_number($_REQUEST['userid'])) {
error(404);
}
// Get the user class of the user being edited to ensure that the logged in user has permission
$DB->query("SELECT p.Level
FROM permissions p
JOIN users_main AS um ON um.PermissionID = p.ID
WHERE um.ID = '" . $_REQUEST['userid'] . "'");
list($UserClass) = $DB->next_record();
if (!check_perms('admin_manage_permissions', $UserClass)) {
error(403);
}
include(SERVER_ROOT."/classes/permissions_form.php");
list($UserID, $Username, $PermissionID) = array_values(Users::user_info($_REQUEST['userid']));
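Review bot: The user id is spliced into the SQL string on the `WHERE um.ID = '" . $_REQUEST['userid'] . "'` line, so the query's safety rests entirely on the `is_number()` guard a few lines above; a later edit that relaxes that check would turn this lookup into an injection point. A cheap belt-and-braces fix is to cast at the point of use, `WHERE um.ID = " . (int)$_REQUEST['userid']`, or to bind the value if the `$DB` wrapper supports parameters (not visible in this hunk). The lookup also assumes a row comes back: when no user matches, `list($UserClass) = $DB->next_record();` leaves `$UserClass` null and the second `check_perms()` call then decides on that value, so an explicit `error(404)` on an empty result would make the intent clear. Which of these lines the commit adds versus keeps is not recoverable from the rendered view, and the file continues past this hunk.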


@ -50,9 +50,9 @@
<? if ($Edit <= $LoggedUser['EffectiveClass']) { ?>
<a href="wiki.php?action=edit&amp;id=<?=$ArticleID?>" class="brackets">Contribute</a>
<a href="wiki.php?action=revisions&amp;id=<?=$ArticleID?>" class="brackets">History</a>
<? } ?>
<? if (check_perms('admin_manage_wiki') && $_GET['id'] != INDEX_ARTICLE) { ?>
<a href="wiki.php?action=delete&amp;id=<?=$ArticleID?>&amp;authkey=<?=$LoggedUser['AuthKey']?>" class="brackets" onclick="return confirm('Are you sure you want to delete?\nYes, DELETE, not as in \'Oh hey, if this is wrong we can get someone to magically undelete it for us later\' it will be GONE.\nGiven this new information, do you still want to DELETE this article and all its revisions and all its alias\' and act like it never existed?')">Delete</a>
<? if (check_perms('admin_manage_wiki') && $_GET['id'] != INDEX_ARTICLE) { ?>
<a href="wiki.php?action=delete&amp;id=<?=$ArticleID?>&amp;auth=<?=$LoggedUser['AuthKey']?>" class="brackets" onclick="return confirm('Are you sure you want to delete?\nYes, DELETE, not as in \'Oh hey, if this is wrong we can get someone to magically undelete it for us later\' it will be GONE.\nGiven this new information, do you still want to DELETE this article and all its revisions and all its alias\' and act like it never existed?')">Delete</a>
<? } ?>
<? } ?>
<!--<a href="reports.php?action=submit&amp;type=wiki&amp;article=<?=$ArticleID ?>" class="brackets">Report</a>-->
</div>
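Review bot: The corrected delete link still carries the session auth key in a GET query string, `auth=<?=$LoggedUser['AuthKey']?>`, so a state-changing action is driven by a plain hyperlink and the token is written to browser history, proxy and web-server access logs, and outgoing Referer headers. A small POST form with the key in a hidden field would keep the same server-side check without exposing the value in the URL. The guard on the line above compares `$_GET['id'] != INDEX_ARTICLE` loosely while the link itself uses `$ArticleID`; if `$ArticleID` is the validated form of that parameter, the guard could use it too with a strict comparison, though its type is not visible here. The enclosing template and the `authorize()` handling of this parameter live outside the hunk.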


@ -1,4 +1,6 @@
<?
authorize();
if (!check_perms('admin_manage_wiki')) {
error(403);
}
@ -12,6 +14,13 @@
error('You cannot delete the main wiki article.');
}
$DB->query("SELECT MinClassEdit FROM wiki_articles WHERE ID = '$ID'");
list($MinEditClass) = $DB->next_record();
if ($MinEditClass > $LoggedUser['EffectiveClass']) {
error(403);
}
$DB->query("
SELECT Title
FROM wiki_articles