Item11433: check access rights before extracting the TopicTitle

git-svn-id: http://svn.foswiki.org/trunk/BreadCrumbsPlugin@14080 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

data/System/BreadCrumbsPlugin.txt

@@ -163,11 +163,12 @@ separator) may contain special variables:
 -->
 
 |  Plugin Author: | Michael Daum |
-|  Copyright ©: | 2006-2009, Michael Daum http://michaeldaumconsulting.com |
+|  Copyright ©: | 2006-2012, Michael Daum http://michaeldaumconsulting.com |
 |  License: | GPL ([[http://www.gnu.org/copyleft/gpl.html][GNU General Public License]]) |
 |  Release: | %$RELEASE% |
 |  Version: | %$VERSION% |
 |  Change History: |   |
+|  24 Feb 2012: | check access rights before extracting the !TopicTitle |
 |  20 Aug 2009: | fixed usage of =$web= |
 |  03 Jul 2009: | fixed fallback method to get the !TopicTitle without !DBCachePlugin |
 |  29 Jun 2009: | use Foswiki !DBCachePlugin now |

lib/Foswiki/Plugins/BreadCrumbsPlugin.pm

@@ -1,6 +1,6 @@
 # Plugin for Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2006-2008 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2012 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -17,15 +17,18 @@ package Foswiki::Plugins::BreadCrumbsPlugin;
 use strict;
 
 our $VERSION = '$Rev$';
-our $RELEASE = 'v2.42';
+our $RELEASE = '2.43';
 our $NO_PREFS_IN_TOPIC = 1;
 our $SHORTDESCRIPTION = 'A flexible way to display breadcrumbs navigation';
 our $doneInit = 0;
 
 ###############################################################################
 sub initPlugin {
 
-  Foswiki::Func::registerTagHandler('BREADCRUMBS', \&renderBreadCrumbs);
+  Foswiki::Func::registerTagHandler('BREADCRUMBS', sub renderBreadCrumbs {
+    init();
+    return Foswiki::Plugins::BreadCrumbsPlugin::Core::renderBreadCrumbs(@_);
+  }
 
   my $doRecordTrail = Foswiki::Func::getPreferencesValue('BREADCRUMBSPLUGIN_RECORDTRAIL') || '';
   $doRecordTrail = ($doRecordTrail eq 'on')?1:0;
@@ -48,10 +51,4 @@ sub init {
   Foswiki::Plugins::BreadCrumbsPlugin::Core::init(@_);
 }
 
-###############################################################################
-sub renderBreadCrumbs {
-  init();
-  return Foswiki::Plugins::BreadCrumbsPlugin::Core::renderBreadCrumbs(@_);
-}
-
 1;

lib/Foswiki/Plugins/BreadCrumbsPlugin/Core.pm

@@ -1,6 +1,6 @@
 # Plugin for Foswiki - The Free and Open Source Wiki, http://foswiki.org/
 #
-# Copyright (C) 2006-2008 Michael Daum http://michaeldaumconsulting.com
+# Copyright (C) 2006-2012 Michael Daum http://michaeldaumconsulting.com
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -70,7 +70,10 @@ sub recordTrail {
 sub renderBreadCrumbs {
   my ($session, $params, $currentTopic, $currentWeb) = @_;
 
-  #writeDebug("called renderBreadCrumbs($currentWeb, $currentTopic)");
+  writeDebug("called renderBreadCrumbs($currentWeb, $currentTopic)");
+
+  # return an empty string if the current location is unknown
+  return '' if $currentWeb eq 'Unknown' && $currentTopic eq 'Unknown';
 
   # get parameters
   my $webTopic = $params->{_DEFAULT} || "$currentWeb.$currentTopic";
@@ -316,6 +319,13 @@ sub getTopicTitle {
   my $topicTitle;
 
   my ($meta, $text) = Foswiki::Func::readTopic($theWeb, $theTopic);
+
+  if ($Foswiki::cfg{SecureTopicTitles}) {
+    my $wikiName = Foswiki::Func::getWikiName();
+    return $theTopic
+      unless Foswiki::Func::checkAccessPermission('VIEW', $wikiName, $text, $theTopic, $theWeb, $meta);
+  }
+
   my $field = $meta->get('FIELD', 'TopicTitle');
   if ($field) {
     $topicTitle = $field->{value};