Fixed a potential security issue concerning site views.

author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)

committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>

Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
author brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
committer brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
diff --git a/views/default/site/default.php b/views/default/site/default.php

index 44f052d189892894d9e23f24ed20ed3b39b45817..dcb305419b87d0111ec485ac8238b1182218534e 100644 (file)
--- a/views/default/site/default.php
+++ b/views/default/site/default.php
@@ -8,5 +8,14 @@
          * @link http://elgg.org/
          */
  
-       echo elgg_view('object/default', $vars);
+       // sites information (including plugin settings) shouldn't be shown.
+       // there's not a real reason to display a site object
+       // unless specifically overriden with a subtype view.
+       if ($site = $vars['entity']->url) {
+               forward($site);
+       } else {
+               forward();
+       }
+
+       //echo elgg_view('object/default', $vars);
  ?>
 \ No newline at end of file
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>
	Sun, 6 Sep 2009 02:18:35 +0000 (02:18 +0000)