From 15ac233cca0fc05e2b4adc253053e64f154e5bf2 Mon Sep 17 00:00:00 2001
From: JT Smith <jt@plainblack.com>
Date: Wed, 2 Jul 2003 00:02:27 +0000
Subject: [PATCH] fixed a vulnerablity where unauthorized users could edit a
 data form entry

---
 lib/WebGUI/Wobject/DataForm.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/WebGUI/Wobject/DataForm.pm b/lib/WebGUI/Wobject/DataForm.pm
index ad9e4654e..3003258e4 100644
--- a/lib/WebGUI/Wobject/DataForm.pm
+++ b/lib/WebGUI/Wobject/DataForm.pm
@@ -639,7 +639,7 @@ sub www_process {
 #-------------------------------------------------------------------
 sub www_view {
 	my $var;
-	$var->{entryId} = $session{form}{entryId};
+	$var->{entryId} = $session{form}{entryId} if (WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId")));
 	if ($var->{entryId} eq "list" && WebGUI::Privilege::canEditWobject($_[0]->get("wobjectId"))) {
 		return $_[0]->processTemplate($_[0]->get("listTemplateId"),$_[0]->getListTemplateVars,"DataForm/List");
 	}