summaryrefslogtreecommitdiff
path: root/edit.php
diff options
context:
space:
mode:
authorlsces <lester@lsces.co.uk>2012-09-28 22:36:49 +0100
committerlsces <lester@lsces.co.uk>2012-09-28 22:36:49 +0100
commit6293991447d07978f3700234d7c39a66f5c9f743 (patch)
tree189a202c79ed38605e759197b060e86f6f167198 /edit.php
parent0f422e1a293ca0d5e059d3c05f20cfe4acd228a4 (diff)
downloadwiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.gz
wiki-6293991447d07978f3700234d7c39a66f5c9f743.tar.bz2
wiki-6293991447d07978f3700234d7c39a66f5c9f743.zip
Unregistered user could access to edit content direct using a content_id
Diffstat (limited to 'edit.php')
-rw-r--r--edit.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/edit.php b/edit.php
index aef217e..892057d 100644
--- a/edit.php
+++ b/edit.php
@@ -32,12 +32,14 @@ if( ( !empty( $_REQUEST['page'] ) && $_REQUEST['page'] == 'SandBox' ) || ( !empt
if( $wiki_sandbox && !$gBitSystem->isFeatureActive( 'wiki_sandbox' ) ) {
$gBitSystem->fatalError( tra( "The SandBox is disabled" ));
-} elseif( !$wiki_sandbox ){
+} elseif( !$wiki_sandbox && $gBitUser->mUserId > 0 ){
if( $gContent->isValid() ) {
$gContent->verifyUpdatePermission();
} else {
$gContent->verifyCreatePermission();
}
+} else {
+ $gBitSystem->fatalPermission( $gContent->mUpdateContentPerm );
}
//make comment count for this page available for templates