diff options
Diffstat (limited to 'www-apps/twiki/files/CVE-2006-1386.patch')
| -rw-r--r-- | www-apps/twiki/files/CVE-2006-1386.patch | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/www-apps/twiki/files/CVE-2006-1386.patch b/www-apps/twiki/files/CVE-2006-1386.patch new file mode 100644 index 000000000000..dff921cd50a5 --- /dev/null +++ b/www-apps/twiki/files/CVE-2006-1386.patch @@ -0,0 +1,23 @@ +diff -ur work/lib/TWiki/UI/RDiff.pm work_patched/lib/TWiki/UI/RDiff.pm +--- work/lib/TWiki/UI/RDiff.pm 2006-02-07 10:08:45.000000000 -0500 ++++ work_patched/lib/TWiki/UI/RDiff.pm 2006-03-25 10:55:01.000000000 -0500 +@@ -394,6 +394,7 @@ + + TWiki::UI::checkWebExists( $session, $webName, $topic, 'diff' ); + TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' ); ++ TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} ); + + my $renderStyle = $query->param('render') || + $session->{prefs}->getPreferencesValue( 'DIFFRENDERSTYLE' ) || +diff -ur work/lib/TWiki/UI/Save.pm work_patched/lib/TWiki/UI/Save.pm +--- work/lib/TWiki/UI/Save.pm 2006-02-07 10:08:45.000000000 -0500 ++++ work_patched/lib/TWiki/UI/Save.pm 2006-03-25 10:54:19.000000000 -0500 +@@ -104,7 +104,7 @@ + + if( $topicExists ) { + ( $prevMeta, $prevText ) = +- $store->readTopic( undef, $webName, $topic, undef ); ++ $store->readTopic( $user, $webName, $topic, undef ); + if( $prevMeta ) { + foreach my $k ( keys %$prevMeta ) { + unless( $k =~ /^_/ || $k eq 'FORM' || $k eq 'TOPICPARENT' || |