oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix - Secure the search function

Browse source
This commit is contained in:
Roy Johnson 2006-06-28 19:13:44 +00:00
parent dc584ec66d
commit d27fc4917f
2 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -9,4 +9,5 @@
- fix: Search returns not restricted to chosen path or asset type - fix: Search returns not restricted to chosen path or asset type
- fix: Product Asset - specification labels not showing - fix: Product Asset - specification labels not showing
- fix: Folders displayed for underprivileged users (wouter / Procolix) - fix: Folders displayed for underprivileged users (wouter / Procolix)
- fix: Secure the search function

5
lib/WebGUI/Asset/Wobject/Search.pm
View file

@ -141,12 +141,13 @@ sub view {
my @results = (); my @results = ();
my $rs = $search->getResultSet; my $rs = $search->getResultSet;
while (my $data = $rs->hashRef) { while (my $data = $rs->hashRef) {
next unless ($self->session->user->userId eq $data->{ownerUserId} || $self->session->user->isInGroup($data->{groupIdView}) || $self->session->user->isInGroup($data->{groupIdEdit})); if ($self->session->user->userId eq $data->{ownerUserId} || $self->session->user->isInGroup($data->{groupIdView}) || $self->session->user->isInGroup($data->{groupIdEdit})) {
push(@results, { push(@results, {
url=>$data->{url}, url=>$data->{url},
title=>$data->{title}, title=>$data->{title},
synposis=>$data->{synopsis}, synposis=>$data->{synopsis},
}); });
}
} }
my $p = WebGUI::Paginator->new($self->session,$self->getUrl('doit=1;keywords='.$self->session->url->escape($self->session->form->get('keywords')))); my $p = WebGUI::Paginator->new($self->session,$self->getUrl('doit=1;keywords='.$self->session->url->escape($self->session->form->get('keywords'))));
$p->setDataByArrayRef(\@results); $p->setDataByArrayRef(\@results);