commit dea9402cf82511e5f198ae37b981d55427974b2d
parent afcd571fc6aa4ef8c65ddb911ad8b415441ef7d3
Author: dankert <openrat@jandankert.de>
Date: Fri, 3 Dec 2021 23:36:56 +0100
Some security enhancements.
Diffstat:
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/modules/cms/action/file/FileAdvancedAction.class.php b/modules/cms/action/file/FileAdvancedAction.class.php
@@ -6,6 +6,7 @@ use cms\action\RequestParams;
use cms\generator\FileContext;
use cms\generator\FileGenerator;
use cms\model\BaseObject;
+use cms\model\Permission;
use language\Messages;
use util\exception\ValidationException;
@@ -44,5 +45,8 @@ class FileAdvancedAction extends FileAction implements Method {
}
-
+ public function getRequiredPermission()
+ {
+ return Permission::ACL_PROP;
+ }
}
diff --git a/modules/cms/action/folder/FolderAdvancedAction.class.php b/modules/cms/action/folder/FolderAdvancedAction.class.php
@@ -20,7 +20,7 @@ use util\Html;
class FolderAdvancedAction extends FolderAction implements Method {
- public function view() {
+ public function view() {
$this->setTemplateVar('writable',$this->folder->hasRight(Permission::ACL_WRITE) );
$list = array();
diff --git a/modules/cms/action/page/PageAdvancedAction.class.php b/modules/cms/action/page/PageAdvancedAction.class.php
@@ -5,6 +5,7 @@ use cms\action\object\ObjectInfoAction;
use cms\action\PageAction;
use cms\generator\PageGenerator;
use cms\generator\Producer;
+use cms\model\Permission;
use cms\model\Template;
class PageAdvancedAction extends PageAction implements Method {
@@ -30,4 +31,10 @@ class PageAdvancedAction extends PageAction implements Method {
}
public function post() {
}
+
+ public function getRequiredPermission()
+ {
+ return Permission::ACL_READ;
+ }
+
}