ChangeSet ID: 22258 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2006/01/12 21:05:06
Modified files: . : appview.php
Log message: Chris Morgan cmorgan@alum.wpi.edu Check that users can view applications and versions before displaying them. Present an error message if they lack permission. Fixes a bug where we were allowing users to view applications and versions that were rejected.
Patch: http://cvs.winehq.org/patch.py?id=22258
Old revision New revision Changes Path 1.76 1.77 +15 -0 appdb/appview.php
Index: appdb/appview.php
diff -u -p appdb/appview.php:1.76 appdb/appview.php:1.77
--- appdb/appview.php:1.76 13 Jan 2006 3: 5: 6 -0000
+++ appdb/appview.php 13 Jan 2006 3: 5: 6 -0000
@@ -191,6 +191,13 @@ if($_REQUEST['appId']) { $oApp = new Application($_REQUEST['appId']);
+ /* is this user supposed to view this version? */
+ if(!$_SESSION['current']->canViewApplication($oApp))
+ {
+ errorpage("Something went wrong with the application or version id");
+ exit;
+ }
+ // show Vote Menu if($_SESSION['current']->isLoggedIn()) apidb_sidebar_add("vote_menu");
@@ -329,6 +336,14 @@ if($_REQUEST['appId']) else if($_REQUEST['versionId']) { $oVersion = new Version($_REQUEST['versionId']);
+
+ /* is this user supposed to view this version? */
+ if(!$_SESSION['current']->canViewVersion($oVersion))
+ {
+ errorpage("Something went wrong with the application or version id");
+ exit;
+ }
+ $oApp = new Application($oVersion->iAppId); if(!$oApp->iAppId) {
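Review bot: In the first hunk (`@@ -191`), the comment above the new `canViewApplication($oApp)` check says "version", but the object being checked is the application; it reads as copied from the `versionId` branch and should be `/* is this user allowed to view this application? */`. If the generic error text is meant to avoid confirming that a rejected application exists, say so in the same comment so that it is not later reworded into a permission-denied message. The `if($_REQUEST['appId'])` block starts and ends outside the hunk, and whether `Application` validates the raw `$_REQUEST['appId']` value cannot be seen from here.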
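Review bot: In the second hunk (`@@ -329`), the parent application loaded after the new check, `$oApp = new Application($oVersion->iAppId);`, is only tested for existence by `if(!$oApp->iAppId)` and is never passed to `canViewApplication()`. Unless `canViewVersion()` already checks the parent application, which is not visible in this hunk, a version whose application was rejected would still be displayed along with that application's data. Consider adding `if(!$_SESSION['current']->canViewApplication($oApp)) { errorpage("Something went wrong with the application or version id"); exit; }` directly after the application is loaded. The `else if` branch continues past the end of the hunk.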