Revision: 1112
http://mrbs.svn.sourceforge.net/mrbs/?rev=1112&view=rev
Author: dceschools
Date: 2009-05-19 17:54:39 +0000 (Tue, 19 May 2009)
Log Message:
-----------
Fixes problem of private booking details being exposed when another user copies
an existing hidden event. Private details are now cleared when this happens.
Modified Paths:
--------------
mrbs/trunk/web/edit_entry.php
Modified: mrbs/trunk/web/edit_entry.php
===================================================================
--- mrbs/trunk/web/edit_entry.php 2009-05-18 17:35:52 UTC (rev 1111)
+++ mrbs/trunk/web/edit_entry.php 2009-05-19 17:54:39 UTC (rev 1112)
@@ -110,6 +110,19 @@
{
$private = $private_default;
}
+ # Need to clear some data if entry is private and user
+ # does not have permission to edit/view details
+ if (isset($copy) && ($create_by != $row['create_by']))
+ {
+ # Entry being copied by different user
+ # If they don't have rights to view details, clear them
+ $privatewriteable = getWritable($row['create_by'],getUserName());
+ if (is_private_event($private) && !$privatewriteable)
+ {
+ $name = '';
+ $description = '' ;
+ }
+ }
if($entry_type >= 1)
{
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables
unlimited royalty-free distribution of the report engine
for externally facing server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
