Do not allow unprivileged authors to modify an existing article's markup setting.

Refs #558.
rwetzlmayr committed Oct 16, 2015
1 parent a9fcb15 commit 950d9e0
Showing 1 changed file with 9 additions and 2 deletions.
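--- a/textpattern/include/txp_article.php
+++ b/textpattern/include/txp_article.php
@@ -327,7 +327,7 @@ function article_save()
 
 $incoming = array_map('assert_string', psa($vars));
 
-$oldArticle = safe_row('Status, url_title, Title, '.
+$oldArticle = safe_row('Status, url_title, Title, textile_body, textile_excerpt, '.
 'unix_timestamp(LastMod) as sLastMod, LastModID, '.
 'unix_timestamp(Posted) as sPosted, '.
 'unix_timestamp(Expires) as sExpires',
@@ -351,7 +351,8 @@ function article_save()
 }
 
 if (!has_privs('article.set_markup')) {
-$incoming['textile_body'] = $incoming['textile_excerpt'] = $use_textile;
+$incoming['textile_body'] = $oldArticle['textile_body'];
+$incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
 }
 
 $incoming = textile_main_fields($incoming);
@@ -749,6 +750,12 @@ function article_edit($message = '', $concurrent = false, $refresh_partials = fa
 if ($concurrent) {
 $store_out['sLastMod'] = safe_field('unix_timestamp(LastMod) as sLastMod', 'textpattern', 'ID='.$ID);
 }
+
+if (!has_privs('article.set_markup')) {
+$oldArticle = safe_row('textile_body, textile_excerpt', 'textpattern', 'ID = '.$ID);
+$store_out['textile_body'] = $oldArticle['textile_body'];
+$store_out['textile_excerpt'] = $oldArticle['textile_excerpt'];
+}
 }
 
 // Use preferred Textfilter as default and fallback.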
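Review bot: The new `safe_row()` call in `article_edit` concatenates `$ID` straight into the WHERE clause and then indexes the result without checking that a row came back. Nothing in this hunk shows `$ID` being cast to an integer; the `safe_field()` call just above does the same, so it is presumably validated earlier in the function, which starts outside the hunk, but an explicit `'ID = '.intval($ID)` would make the query safe regardless of what happens earlier. If the article no longer exists, `$oldArticle` will presumably be empty and both reads yield null with a notice, so wrap the two assignments in `if ($oldArticle) { … }`. The same unchecked read of `$oldArticle['textile_body']` applies to the `article_save` hunk at -351, where the rest of the lookup, including its WHERE clause, lies outside the visible lines.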
