oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added missing privilege check

Browse source
This commit is contained in:
Lucas Bartholemy 2006-06-05 20:56:29 +00:00
parent 553e2fc0ca
commit 0c12259144
2 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/6.x.x.txt
View file

@ -1,4 +1,5 @@
6.99.4
- fix: SQLForm - added missing privilege check
- fix: typo in spectre
- fixed a bug where a user could transfer a negative amount of karma to a
thread and actually gain karma from the thread.

2
lib/WebGUI/Asset/Wobject/SQLForm.pm
View file

@ -1430,6 +1430,8 @@ Will mark the 'deleted' field identified by the id given in the form param 'fid'
sub www_enableField {
my $self = shift;
return $self->session->privilege->insufficient() unless ($self->_canAlterTable);
$self->session->db->write('delete from SQLForm_fieldDefinitions '.
' where property="disabled" and assetId='.$self->session->db->quote($self->getId).' and fieldId='.$self->session->db->quote($self->session->form->process("fid")));