From: brettp
Date: Sun, 6 Sep 2009 02:18:35 +0000 (+0000)
Subject: Fixed a potential security issue concerning site views.
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=ab4f981ee2ee9f2ba3766673a04a7d16e9bb1850;p=lorea%2Felgg.git
Fixed a potential security issue concerning site views.
git-svn-id: https://code.elgg.org/elgg/trunk@3464 36083f99-b078-4883-b0ff-0f9b5a30f544
---
diff --git a/views/default/site/default.php b/views/default/site/default.php
index 44f052d18..dcb305419 100644
--- a/views/default/site/default.php
+++ b/views/default/site/default.php
@@ -8,5 +8,14 @@
 * @link http://elgg.org/
 */

- echo elgg_view('object/default', $vars);
+ // sites information (including plugin settings) shouldn't be shown.
+ // there's not a real reason to display a site object
+ // unless specifically overriden with a subtype view.
+ if ($site = $vars['entity']->url) {
+ forward($site);
+ } else {
+ forward();
+ }
+
+ //echo elgg_view('object/default', $vars);
 ?>
\ No newline at end of file
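Review bot: The redirect target in `forward($site)` comes from the entity's stored `url` attribute, so whoever can write that attribute controls where a visitor rendering this view is sent. Unless that value is guaranteed to be this installation's own address, the argument-less `forward();` from the else branch would be the safer single path. The condition `if ($site = $vars['entity']->url)` also dereferences `$vars['entity']` without checking that it is set, so an `isset($vars['entity'])` guard belongs in front of it. The fix only holds if `forward()` stops execution and no other viewtype still renders site entities through `object/default`; neither is visible in this hunk, so both should be confirmed. The commented-out `//echo elgg_view('object/default', $vars);` should be deleted rather than kept, since uncommenting it restores the disclosure.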