But here's a fix:
--- src/webdocs/Search.jsp 2003-09-13 19:01:59.000000000 +0300 +++ ../eclipse/JSPWiki/src/webdocs/Search.jsp 2003-12-04 12:41:38.000000000 +0200 @@ -36,7 +36,16 @@ log.info("Searching for string "+query); list = wiki.findPages( query ); - + Collection results = new ArrayList(); + Iterator i = list.iterator(); + while( i.hasNext() ) + { + SearchResult result = (SearchResult) i.next(); + if( wiki.getAuthorizationManager().checkPermission(result.getPage(), wikiContext.getCurrentUser(), "view") ) + results.add(result); + } + list = results; + pageContext.setAttribute( "searchresults", list, PageContext.REQUEST_SCOPE );And a fix for the same problem in RecentChangesPlugin:
--- ../../JSPWiki/src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java 2003-12-04 12:44:11.000000000 +0200 +++ src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java 2003-12-04 15:01:14.000000000 +0200 @@ -100,6 +100,11 @@ Date lastmod = pageref.getLastModified(); + if( ! context.getEngine().getAuthorizationManager().checkPermission(pageref, context.getCurrentUser(), "view") ) + { + break; + } + if( lastmod.before( sincedate.getTime() ) ) { break;
Question: The dates contained in these patches are of an ancient time - has this patch made it into the current code? After all - this page is listed under "Hot Problems" on the Main page
-- Olaf Kock
Add new attachment
Only authorized users are allowed to upload new attachments.