[Fusionforge-commits] FusionForge branch 6.0 updated. v6.0.3-58-gee4d671

Sylvain Beucler Fri, 18 Dec 2015 05:40:25 -0800

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".


The branch, 6.0 has been updated
       via  ee4d67136ab936c6f2632d2e505bd86175d918bb (commit)
      from  89ba2186cc26a0bbc1eee05092c7de3bef20218e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=ee4d67136ab936c6f2632d2e505bd86175d918bb

commit ee4d67136ab936c6f2632d2e505bd86175d918bb
Author: Sylvain Beucler <[email protected]>
Date:   Fri Dec 18 14:14:37 2015 +0100

    rss: quick fix to prevent private PM infoleak

diff --git a/src/www/export/rss20_tasks.php b/src/www/export/rss20_tasks.php
index d0104b8..81b8dfc 100644
--- a/src/www/export/rss20_tasks.php
+++ b/src/www/export/rss20_tasks.php
@@ -72,6 +72,8 @@ if(isset($projects[0]))
 {
        foreach($projects AS $project)
        {
+               session_require_perm('pm', $project, 'read');
+
                $project_sq.=" OR (group_project_id = '".$project."')";
                /*$sql="SELECT project_name,group_id FROM project_group_list 
WHERE group_project_id='".$project."'";
                $res=pg_query($sql);

-----------------------------------------------------------------------

Summary of changes:
 src/www/export/rss20_tasks.php | 2 ++
 1 file changed, 2 insertions(+)


hooks/post-receive
-- 
FusionForge

_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits

[Fusionforge-commits] FusionForge branch 6.0 updated. v6.0.3-58-gee4d671

Reply via email to