1
Zorglub
Wfdownloads Security (BIG) issue
  • 2004/11/22 14:02

  • Zorglub

  • Just popping in

  • Posts: 43

  • Since: 2004/1/26


Problem with wfdownloads:

I defined categories, which different groups may or may not access.

For example, a public category, where anon can download, and a "private" category, where they cannot go.

When anon clicks on the only cat visible, public, it has this address: modules/wfdownloads/viewcat.php?cid=1

If they then change it to modules/wfdownloads/viewcat.php?cid=2 (it is the private category), they do indeed get to the private category, seeing everything ...

Any ideas? I put wfdownloads into inactive mode as the problem is quite big ...

2
suico
Re: Wfdownloads Security (BIG) issue
  • 2005/5/27 15:47

  • suico

  • Friend of XOOPS

  • Posts: 374

  • Since: 2003/7/24


I have made a hack for this and I think it works.
If someone wants to try it too, just add this code to line 23 of viewcat.php:

[CODE]
// $cid comes from the URL, so check it against the visitor's groups before rendering anything.
$teste = $gperm_handler->checkRight('WFDownCatPerm', $cid, $groups, $xoopsModule->getVar('mid'));
if (!$teste)
{
    redirect_header('index.php', 2, 'You are not allowed to view this category');
}
[/CODE]

It seems to work for me.

Please, if someone tries this, just let me know the results.

obs: Of course you can also add a variable for language instead of the message, but as this will be solved in the next version I think it is unnecessary now.
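
Added example (not part of the original posts and not wfdownloads code): the same per-category decision applied both when building the category list and when a cid arrives in the URL, so that hiding a link is never the only control. The permission table, group names and function names are assumptions standing in for the XOOPS group-permission lookup.

```php
<?php
// Constructed data: category id => groups allowed to view it.
// Stands in for the module's stored group permissions.
const CATEGORY_PERMS = [
    1 => ['anonymous', 'registered'],   // public category
    2 => ['registered'],                // private category
];

// Single authorization decision, used by every code path that takes a cid.
function can_view_category($rawCid, array $groups): bool
{
    // Accept only a plain positive integer; "2abc", "-1" or an array is refused.
    $cid = filter_var($rawCid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        return false;
    }
    // Deny by default: a category with no permission row is not viewable.
    $allowed = CATEGORY_PERMS[$cid] ?? [];
    return count(array_intersect($allowed, $groups)) > 0;
}

// Index page: only link to categories the caller may open.
function visible_categories(array $groups): array
{
    return array_values(array_filter(
        array_keys(CATEGORY_PERMS),
        fn($cid) => can_view_category($cid, $groups)
    ));
}

// Category page: re-check on the request itself, because the cid in the
// URL is caller-controlled no matter which links were rendered.
function view_category($rawCid, array $groups): string
{
    if (!can_view_category($rawCid, $groups)) {
        return 'redirect: index.php';
    }
    return 'render: category ' . (int) $rawCid;
}

$anon = ['anonymous'];
$member = ['registered'];
printf("anon sees categories: %s\n", implode(',', visible_categories($anon)));
foreach ([[1, $anon], [2, $anon], [2, $member], ['2abc', $anon], [99, $member]] as [$cid, $groups]) {
    printf("cid=%-5s groups=%-10s -> %s\n", $cid, implode(',', $groups), view_category($cid, $groups));
}
```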
