Fixed small security hole.

2002-08-12 00:09:24 +00:00 · 2002-08-12 00:09:24 +00:00 · 7a6372b83f
commit 7a6372b83f
parent 1c3094af19
1 changed files with 10 additions and 6 deletions
--- a/lib/WebGUI.pm
+++ b/lib/WebGUI.pm
@ -67,12 +67,16 @@ sub page {
 					.$session{form}{wid}."] on page '".$session{page}{title}."' ["
 					.$session{page}{pageId}."].");
 			} else {
-				$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
-				$w = eval{$cmd->new($wobject)};
-				WebGUI::ErrorHandler::fatalError("Couldn't instanciate wojbect: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
-				$cmd = "www_".$session{form}{func};
-				$wobjectOutput = eval{$w->$cmd};
-				WebGUI::ErrorHandler::fatalError("Web method doesn't exist in wojbect: ${$wobject}{namespace} / $session{form}{func}. Root Cause: ".$@) if($@);
+				if (WebGUI::Privilege::canViewPage()) {
+					$cmd = "WebGUI::Wobject::".${$wobject}{namespace};
+					$w = eval{$cmd->new($wobject)};
+					WebGUI::ErrorHandler::fatalError("Couldn't instanciate wojbect: ${$wobject}{namespace}. Root Cause: ".$@) if($@);
+					$cmd = "www_".$session{form}{func};
+					$wobjectOutput = eval{$w->$cmd};
+					WebGUI::ErrorHandler::fatalError("Web method doesn't exist in wojbect: ${$wobject}{namespace} / $session{form}{func}. Root Cause: ".$@) if($@);
+				} else {
+					$wobjectOutput = WebGUI::Privilege::noAccess();
+				}
 			}
 		}
 	}