Fixed a potential security issue concerning site views.
authorbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
committerbrettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544

views/default/site/default.php

index 44f052d189892894d9e23f24ed20ed3b39b45817..dcb305419b87d0111ec485ac8238b1182218534e 100644 (file)
@@ -8,5 +8,14 @@
         * @link http://elgg.org/
         */
 
-       echo elgg_view('object/default', $vars);
+       // sites information (including plugin settings) shouldn't be shown.
+       // there's not a real reason to display a site object
+       // unless specifically overriden with a subtype view.
+       if ($site = $vars['entity']->url) {
+               forward($site);
+       } else {
+               forward();
+       }
+
+       //echo elgg_view('object/default', $vars);
 ?>
\ No newline at end of file
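Review bot: The new `if ($site = $vars['entity']->url)` on line 20 puts an assignment inside the condition, which reads like a mistyped `==` and hides the guard it is meant to express; `$site = $vars['entity']->url; if ($site) { forward($site); } else { forward(); }` says the same thing without the ambiguity. The branch also assumes `$vars['entity']` is always a populated object; if this view can be reached without one, the property access will emit a notice before the redirect, so a guard such as `if (empty($vars['entity'])) { forward(); }` may be warranted — I cannot confirm from the hunk how the view is invoked. The commented-out `//echo elgg_view('object/default', $vars);` on line 26 should be deleted rather than kept, since the comment block above it already records why the object view is no longer rendered. The hunk starts at line 8 of the file, so the header above it is outside this view.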