better fix for the view=console security flaw.
This does it in index.php,so it guards all pages, and also just changes the view to login, so instead of giving an error, it presents you with the login, which I think is better.
This commit is contained in:
parent
9d9396c8bc
commit
3c8153c9b4
|
@ -122,6 +122,11 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
|
|||
|
||||
require_once( 'includes/actions.php' );
|
||||
|
||||
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
|
||||
if ( ZM_OPT_USE_AUTH && ! isset($user) && $view != 'login' ) {
|
||||
$view = 'login';
|
||||
}
|
||||
|
||||
if ( isset( $_REQUEST['request'] ) )
|
||||
{
|
||||
foreach ( getSkinIncludes( 'ajax/'.$request.'.php', true, true ) as $includeFile )
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
||||
//
|
||||
|
||||
if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
|
||||
$view = "error";
|
||||
return;
|
||||
}
|
||||
|
||||
$eventCounts = array(
|
||||
array(
|
||||
"title" => $SLANG['Events'],
|
||||
|
|
Loading…
Reference in New Issue