Skip to content
Permalink
Browse files Browse the repository at this point in the history
Add access control check when reading HTML file https://sourceforge.n…
  • Loading branch information
jcameron committed Jul 10, 2012
1 parent 1f1411f commit 4cd7bad
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions file/edit_html.cgi
Expand Up @@ -12,6 +12,11 @@ if ($in{'text'} || $in{'file'} && !&is_html_file($in{'file'})) {
$text_mode = 1;
}

if (!&can_access($in{'file'})) {
# ACL rules prevent access to file
&error_exit(&text('view_eaccess', &html_escape($in{'file'})));
}

&popup_header($in{'file'} ? $text{'html_title'} : $text{'html_title2'},
undef, $text_mode ? undef : "onload='xinha_init()'");

Expand Down

0 comments on commit 4cd7bad

Please sign in to comment.