From 04bf687890874978d2b6bf9bb68c6cbe22c794d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zden=C4=9Bk=20Borovec?= Date: Mon, 13 May 2024 18:56:31 +0200 Subject: [PATCH] fix the perms --- docs/www/blog/tageditor.php | 4 ++-- docs/www/blog/writearticle.php | 4 ++-- docs/www/fileupload.php | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/www/blog/tageditor.php b/docs/www/blog/tageditor.php index 688acd5..ffb70e0 100644 --- a/docs/www/blog/tageditor.php +++ b/docs/www/blog/tageditor.php @@ -5,8 +5,8 @@ include_once($COMMONS."/header.php"); // If the user does not have the 1000 0000 permission, // throw a 403: Forbidden error. -if (isset($_COOKIE["PHPSESSID"]) && - (bool)($_SESSION["current_user"]->permissions & 128)) { +if (!isset($_COOKIE["PHPSESSID"]) || + !(bool)($_SESSION["current_user"]->permissions & 128)) { header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($COMMONS."/footer.php"); diff --git a/docs/www/blog/writearticle.php b/docs/www/blog/writearticle.php index 4b3ee46..ef8bb0f 100644 --- a/docs/www/blog/writearticle.php +++ b/docs/www/blog/writearticle.php @@ -5,8 +5,8 @@ include_once($COMMONS."/header.php"); // If the user does not have the 1000 0000 permission, // throw a 403: Forbidden error. -if (isset($_COOKIE["PHPSESSID"]) && - (bool)($_SESSION["current_user"]->permissions & 128)) { +if (!isset($_COOKIE["PHPSESSID"]) || + !(bool)($_SESSION["current_user"]->permissions & 128)) { header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($COMMONS."/footer.php"); diff --git a/docs/www/fileupload.php b/docs/www/fileupload.php index 3ded7e0..0c7aaf6 100644 --- a/docs/www/fileupload.php +++ b/docs/www/fileupload.php @@ -5,8 +5,8 @@ include_once($COMMONS."/header.php"); // If the user does not have the 1000 0000 permission, // throw a 403: Forbidden error. -if (isset($_COOKIE["PHPSESSID"]) && - (bool)($_SESSION["current_user"]->permissions & 128)) { +if (!isset($_COOKIE["PHPSESSID"]) || + !(bool)($_SESSION["current_user"]->permissions & 128)) { header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403); include_once($_SERVER["DOCUMENT_ROOT"]."/errors/403.php"); include_once($COMMONS."/footer.php");