From: garvinhicking Date: Wed, 8 Aug 2007 08:50:11 +0000 (+0000) Subject: svn commit -m "Fix entryproperties value setting" X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=40b5b812ddfbdead452f992dcdce1be2875403ca;p=s9y.git svn commit -m "Fix entryproperties value setting" --- diff --git a/docs/NEWS b/docs/NEWS index 0f4a05f..0dbc6be 100644 --- a/docs/NEWS +++ b/docs/NEWS @@ -1,5 +1,12 @@ # $Id$ +Version 1.1.4 (August 8th, 2007) +------------------------------------------------------------------------ + + * Fix being able to set entryproperties values via POST-Request (and + being able to bypass password-protection of an entry, when the + Entryproperties plugin is installed). Thanks to Erich Schubert + Version 1.1.3 (June 17th, 2007) ------------------------------------------------------------------------ diff --git a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php index c8086c5..04280ac 100644 --- a/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php +++ b/plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php @@ -617,20 +617,11 @@ class serendipity_event_entryproperties extends serendipity_event // is in the process of being created. This must be done for the extended properties // to be applied in the preview. - if (is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){ - $parr = array(); - $supported_properties = serendipity_event_entryproperties::getSupportedProperties(); - foreach($supported_properties AS $prop_key) { - if (isset($serendipity['POST']['properties'][$prop_key])) - $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key]; - } - } - if (isset($serendipity['GET']['id']) && isset($eventData[0]['properties']['ep_entrypassword'])) { - if (isset($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']]) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) { + if ($_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] == md5($eventData[0]['properties']['ep_entrypassword']) || $eventData[0]['properties']['ep_entrypassword'] == $serendipity['POST']['entrypassword']) { // Do not show login form again, once we have first enabled it. - $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = true; + $_SESSION['entrypassword_unlocked'][$serendipity['GET']['id']] = md5($eventData[0]['properties']['ep_entrypassword']); } else { if (is_array($eventData)) { $eventData['clean_page'] = true; @@ -641,6 +632,15 @@ class serendipity_event_entryproperties extends serendipity_event } } + if ($addData['preview'] && is_array($serendipity['POST']['properties']) && count($serendipity['POST']['properties']) > 0){ + $parr = array(); + $supported_properties = serendipity_event_entryproperties::getSupportedProperties(); + foreach($supported_properties AS $prop_key) { + if (isset($serendipity['POST']['properties'][$prop_key])) + $eventData[0]['properties']['ep_' . $prop_key] = $serendipity['POST']['properties'][$prop_key]; + } + } + break; case 'entries_header': diff --git a/serendipity_config.inc.php b/serendipity_config.inc.php index 68c789f..c4edd98 100644 --- a/serendipity_config.inc.php +++ b/serendipity_config.inc.php @@ -31,7 +31,7 @@ if (!defined('IN_serendipity')) { include(S9Y_INCLUDE_PATH . 'include/compat.inc.php'); // The version string -$serendipity['version'] = '1.1.3'; +$serendipity['version'] = '1.1.4'; // Setting this to 'false' will enable debugging output. All alpa/beta/cvs snapshot versions will emit debug information by default. To increase the debug level (to enable Smarty debugging), set this flag to 'debug'. $serendipity['production'] = (preg_match('@\-(alpha|beta|cvs)@', $serendipity['version']) ? false : true);