From: garvinhicking Date: Wed, 8 Aug 2007 08:48:37 +0000 (+0000) Subject: Fix entryproperties value setting X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=3a392dd396d56c79f237835d2c3029fce3c006d2;p=s9y.git Fix entryproperties value setting --- diff --git a/docs/NEWS b/docs/NEWS index 1571ecf..6e49a28 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -186,6 +186,13 @@ Version 1.2 () * Allow to call permalinks that end with a "/" the same as if not ending with a "/" (garvinhicking) +Version 1.1.4 (August 8th, 2007) +------------------------------------------------------------------------ + + * Fix being able to set entryproperties values via POST-Request (and + being able to bypass password-protection of an entry, when the + Entryproperties plugin is installed). Thanks to Erich Schubert + Version 1.1.3 (June 17th, 2007) ------------------------------------------------------------------------ diff --git a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php index 601a890..056ba9f 100644 --- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php +++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php @@ -618,20 +618,11 @@ class serendipity_event_entryproperties extends serendipity_event // is in the process of being created. This must be done for the extended properties // to be applied in the preview. - if (is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){ - $parr = array(); - $supported_properties = serendipity_event_entryproperties::getSupportedProperties(); - foreach($supported_properties AS $prop_key) { - if (isset($serendipity['POST']['properties'][$prop_key])) - $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key]; - } - } - if (isset($serendipity['GET']['id']) && isset($eventData[0]['properties']['ep_entrypassword'])) { - if (isset($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']]) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) { + if ($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] == md5($eventData[0]['properties']['ep_entrypassword']) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) { // Do not show login form again, once we have first enabled it. - $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = true; + $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = md5($eventData[0]['properties']['ep_entrypassword']); } else { if (is_array($eventData)) { $eventData['clean_page'] = true; @@ -642,6 +633,15 @@ class serendipity_event_entryproperties extends serendipity_event } } + if ($addData['preview'] && is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){ + $parr = array(); + $supported_properties = serendipity_event_entryproperties::getSupportedProperties(); + foreach($supported_properties AS $prop_key) { + if (isset($serendipity['POST']['properties'][$prop_key])) + $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key]; + } + } + break; case 'entries_header':