Move security into the constructor. Protecting the index() call is easily bypassed.

Bharat Mediratta
2009-03-16 08:29:35 +00:00
parent c05a1103e7
commit 2c3ab56a42


@@ -20,16 +20,16 @@
class Scaffold_Controller extends Template_Controller {
public $template = "scaffold.html";
function index() {
try {
$session = Session::instance();
} catch (Exception $e) {
public function __construct($theme=null) {
if (!(user::active()->admin)) {
throw new Exception("@todo UNAUTHORIZED", 401);
}
parent::__construct();
}
function index() {
$session = Session::instance();
if (!user::active()->admin) {
throw new Exception("@todo FORBIDDEN", 503);
}
set_error_handler(array("Scaffold_Controller", "_error_handler"));
try {
$this->template->album_count = ORM::factory("item")->where("type", "album")->count_all();
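Review bot: The new constructor gate in `public function __construct($theme=null)` denies access by throwing a bare `Exception("@todo UNAUTHORIZED", 401)`, and nothing visible here shows that the exception code becomes the HTTP status, so a non-admin may get a generic error page rather than a clean denial; a signed-in non-admin is also a 403 case, not a 401. I would throw a dedicated permission-denied exception (or use the framework's own forbidden response, if it has one) and add a comment above the check such as `// Admin-only: enforced in the constructor so every action on this controller is covered, not just index()`. If the `if (!user::active()->admin)` check with code 503 still exists in index() after this change, it is now redundant, and 503 is the wrong status for an authorization failure. `$theme` is accepted but never passed to `parent::__construct()`; either forward it or drop the parameter. The body of index() continues past the end of the hunk, so the rest of that method is not reviewed here.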