Skip to content
Browse files

Close wide-open hacking hole! This script wasn't checking for admin

user in the case where the site has been defined already.  Oops. Fixed now.
  • Loading branch information...
1 parent 9c055aa commit ce15d1784c832393d9ad7f9873e9fab877b32445 martin committed Aug 6, 2002
Showing with 5 additions and 1 deletion.
  1. +5 −1 admin/site.php
View
6 admin/site.php
@@ -2,7 +2,11 @@
require("../config.php");
- $course = get_site();
+ if ($course = get_site()) {
+ if (!isadmin()) {
+ error("You need to be admin to edit this page");
+ }
+ }
$course->format = "social"; // override
/// If data submitted, then process and store.

0 comments on commit ce15d17

Please sign in to comment.
Something went wrong with that request. Please try again.