But here's a fix:
--- src/webdocs/Search.jsp 2003-09-13 19:01:59.000000000 +0300
+++ ../eclipse/JSPWiki/src/webdocs/Search.jsp 2003-12-04 12:41:38.000000000 +0200
@@ -36,7 +36,16 @@
log.info("Searching for string "+query);
list = wiki.findPages( query );
-
+ Collection results = new ArrayList();
+ Iterator i = list.iterator();
+ while( i.hasNext() )
+ {
+ SearchResult result = (SearchResult) i.next();
+ if( wiki.getAuthorizationManager().checkPermission(result.getPage(), wikiContext.getCurrentUser(), "view") )
+ results.add(result);
+ }
+ list = results;
+
pageContext.setAttribute( "searchresults",
list,
PageContext.REQUEST_SCOPE );
And a fix for the same problem in RecentChangesPlugin:
--- ../../JSPWiki/src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java 2003-12-04 12:44:11.000000000 +0200
+++ src/com/ecyrd/jspwiki/plugin/RecentChangesPlugin.java 2003-12-04 15:01:14.000000000 +0200
@@ -100,6 +100,11 @@
Date lastmod = pageref.getLastModified();
+ if( ! context.getEngine().getAuthorizationManager().checkPermission(pageref, context.getCurrentUser(), "view") )
+ {
+ break;
+ }
+
if( lastmod.before( sincedate.getTime() ) )
{
break;
Question: The dates contained in these patches are of an ancient time - has this patch made it into the current code? After all - this page is listed under "Hot Problems" on the Main page
-- Olaf Kock
Add new attachment
Only authorized users are allowed to upload new attachments.
JSPWiki
- Features
- Download
- Documentation
- Templates
- Plugins
- Provider
- Filters
- Support
- FAQ
- Irc Channel
- Mailing List
- Weblog
- Applications
- Getting Involved
- JSPWIKI Testers
Development
Internet Search