# $Id$
+Version 1.1.4 (August 8th, 2007)
+------------------------------------------------------------------------
+
+ * Fix being able to set entryproperties values via POST-Request (and
+ being able to bypass password-protection of an entry, when the
+ Entryproperties plugin is installed). Thanks to Erich Schubert
+
Version 1.1.3 (June 17th, 2007)
------------------------------------------------------------------------
// is in the process of being created. This must be done for the extended properties
// to be applied in the preview.
- if (is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){
- $parr = array();
- $supported_properties = serendipity_event_entryproperties::getSupportedProperties();
- foreach($supported_properties AS $prop_key) {
- if (isset($serendipity['POST']['properties'][$prop_key]))
- $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key];
- }
- }
-
if (isset($serendipity['GET']['id']) && isset($eventData[0]['properties']['ep_entrypassword'])) {
- if (isset($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']]) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) {
+ if ($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] == md5($eventData[0]['properties']['ep_entrypassword']) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) {
// Do not show login form again, once we have first enabled it.
- $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = true;
+ $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = md5($eventData[0]['properties']['ep_entrypassword']);
} else {
if (is_array($eventData)) {
$eventData['clean_page'] = true;
}
}
+ if ($addData['preview'] && is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){
+ $parr = array();
+ $supported_properties = serendipity_event_entryproperties::getSupportedProperties();
+ foreach($supported_properties AS $prop_key) {
+ if (isset($serendipity['POST']['properties'][$prop_key]))
+ $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key];
+ }
+ }
+
break;
case 'entries_header':
include(S9Y_INCLUDE_PATH . 'include/compat.inc.php');
// The version string
-$serendipity['version'] = '1.1.3';
+$serendipity['version'] = '1.1.4';
// Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'.
$serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);
projects / s9y.git / commitdiff