
Item12491: TOPICLIST does not respect access rights

Priority: Urgent
Current State: Closed
Released In: 1.1.9
Target Release: patch
Applies To: Engine
Component:
Branches: Release01x01 trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
As a consequence, WebTopicList discloses information to users who otherwise won't have view rights on these topics.

Hot fix:

--- lib/Foswiki/Macros/TOPICLIST.pm     (revision 16700)
+++ lib/Foswiki/Macros/TOPICLIST.pm     (working copy)
@@ -31,6 +31,10 @@
     my $it = $webObject->eachTopic();
     while ( $it->hasNext() ) {
         my $item = $it->next();
+
+        my $topicObject = Foswiki::Meta->new( $this, $web, $item );
+        next unless $topicObject->haveAccess("VIEW");
+
         my $line = $format;
         $line =~ s/\$web\b/$web/g;
         $line =~ s/\$topic\b/$item/g;
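
Review bot: the new `haveAccess("VIEW")` check at the top of the `while` loop constructs a `Foswiki::Meta` object for every topic returned by `eachTopic()`, so TOPICLIST now pays for one object and one access check per topic; that cost is worth measuring on a large web. A one-line comment above `next unless $topicObject->haveAccess("VIEW");` saying that topics the requesting user cannot view are skipped on purpose would keep the check from being removed later as an optimisation. The hunk also adds no test: a case with one topic that denies VIEW to the requesting user, asserting that the topic name is absent from the TOPICLIST output, would pin the fix.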

-- MichaelDaum - 06 May 2013

 
Topic revision: r6 - 19 Nov 2013, GeorgeClark
