Skip to content

Commit

Permalink
Item10311: Trunk didn't check access permissions
Browse files Browse the repository at this point in the history 
Syncing up Release11 branche with trunk.  Trunk was missing the check
for change authority.

git-svn-id: http://svn.foswiki.org/trunk@10763 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
  • Loading branch information
GeorgeClark authored and GeorgeClark committed Feb 22, 2011
1 parent 756adcd commit a522f6d
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions core/lib/Foswiki/UI/Manage.pm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -470,6 +470,18 @@ sub _action_restoreRevision {
# read the current topic
my $meta = Foswiki::Meta->load( $session, $web, $topic );

if ( !$meta->haveAccess('CHANGE') ) {

# user has no permission to change the topic
throw Foswiki::OopsException(
'accessdenied',
def => 'topic_access',
web => $web,
topic => $topic,
params => [ 'change', 'denied' ]
);
}

# read the old topic
my $rev = $query->param('rev');
my $requestedRev = Foswiki::Store::cleanUpRevID( $query->param('rev') );
Expand Down

0 comments on commit a522f6d

Please sign in to comment.