Unregistered user could access to edit content direct using a content_id

author: lsces <lester@lsces.co.uk> 2012-09-28 22:36:49 +0100
committer: lsces <lester@lsces.co.uk> 2012-09-28 22:36:49 +0100
commit: 6293991447d07978f3700234d7c39a66f5c9f743 (patch)
tree: 189a202c79ed38605e759197b060e86f6f167198 /edit.php
parent: 0f422e1a293ca0d5e059d3c05f20cfe4acd228a4 (diff)
download: wiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.gz
wiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.bz2
wiki-6293991447d07978f3700234d7c39a66f5c9f743.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/edit.php b/edit.php
index aef217e..892057d 100644
--- a/edit.php
+++ b/edit.php
@@ -32,12 +32,14 @@ if( ( !empty( $_REQUEST['page'] ) && $_REQUEST['page'] == 'SandBox' ) || ( !empt
 
 if( $wiki_sandbox && !$gBitSystem->isFeatureActive( 'wiki_sandbox' ) ) {
 	$gBitSystem->fatalError( tra( "The SandBox is disabled" ));
-} elseif( !$wiki_sandbox ){
+} elseif( !$wiki_sandbox && $gBitUser->mUserId > 0 ){
 	if( $gContent->isValid() ) {
 		$gContent->verifyUpdatePermission();
 	} else {
 		$gContent->verifyCreatePermission();
 	}
+} else {
+	$gBitSystem->fatalPermission( $gContent->mUpdateContentPerm );
 }
 
 //make comment count for this page available for templates
author	lsces <lester@lsces.co.uk>	2012-09-28 22:36:49 +0100
committer	lsces <lester@lsces.co.uk>	2012-09-28 22:36:49 +0100
commit	6293991447d07978f3700234d7c39a66f5c9f743 (patch)
tree	189a202c79ed38605e759197b060e86f6f167198 /edit.php
parent	0f422e1a293ca0d5e059d3c05f20cfe4acd228a4 (diff)
download	wiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.gz wiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.bz2 wiki-6293991447d07978f3700234d7c39a66f5c9f743.zip