oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed a vulnerablity where unauthorized users could edit a data form entry

Browse source
This commit is contained in:
JT Smith 2003-07-02 00:02:27 +00:00
parent 2c7576bdad
commit 15ac233cca
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Wobject/DataForm.pm
View file

@ -639,7 +639,7 @@ sub www_process {
#-------------------------------------------------------------------
sub www_view {
my $var;
$var->{entryId} = $session{form}{entryId};
$var->{entryId} = $session{form}{entryId} if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
return $_[0]->processTemplate($_[0]->get("listTemplateId"),$_[0]->getListTemplateVars,"DataForm/List");
}