But here's a fix:

--- src/webdocs/Search.jsp      2003-09-13 19:01:59.000000000 +0300
+++ ../eclipse/JSPWiki/src/webdocs/Search.jsp   2003-12-04 12:41:38.000000000 +0200
@@ -36,7 +36,16 @@
         log.info("Searching for string "+query);

         list = wiki.findPages( query );
-
+        Collection results = new ArrayList();
+        Iterator i = list.iterator();
+        while( i.hasNext() )
+        {
+               SearchResult result = (SearchResult) i.next();
+               if( wiki.getAuthorizationManager().checkPermission(result.getPage(), wikiContext.getCurrentUser(), "view") )
+                       results.add(result);
+        }
+               list = results;
+
         pageContext.setAttribute( "searchresults",
                                   list,
                                   PageContext.REQUEST_SCOPE );
And a fix for the same problem in RecentChangesPlugin:
--- ../../JSPWiki/src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java       2003-12-04 12:44:11.000000000 +0200
+++ src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java       2003-12-04 15:01:14.000000000 +0200
@@ -100,6 +100,11 @@

                 Date lastmod = pageref.getLastModified();

+                               if( ! context.getEngine().getAuthorizationManager().checkPermission(pageref, context.getCurrentUser(), "view") )
+                               {
+                                       break;
+                               }
+
                 if( lastmod.before( sincedate.getTime() ) )
                 {
                     break;

Question: The dates contained in these patches are of an ancient time - has this patch made it into the current code? After all - this page is listed under "Hot Problems" on the Main page

-- Olaf Kock

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-3) was last changed on 17-Jul-2005 17:04 by OlafKock