Commit bd8b7317 authored by chealer's avatar chealer

mass-remove part added on 1.6 by drieschner included tiki-pagesetup.php...

mass-remove part added on 1.6 by drieschner included tiki-pagesetup.php apparently assuming this took care of custom permissions. I'm removing this line since it doesn't help currently.
This still leaves a rather minor threat for case of $feature_listPages = 'y' for people with tiki_p_remove when some pages have individual rights, most importantly taking into account the unsecured listing. This permission comes by default with Editors group. Admins who don't fully trust their editors should probably turn off $feature_listPages != 'y'. A fix shouldn't be hard to code :)
parent 2c340373
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-listpages.php,v 1.11 2003-12-28 20:12:52 mose Exp $
// $Header: /cvsroot/tikiwiki/tiki/tiki-listpages.php,v 1.12 2004-03-22 07:43:16 chealer Exp $
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -41,7 +41,6 @@ if ($tiki_p_view != 'y') {
*/
if (isset($_REQUEST["submit_mult"]) && isset($_REQUEST["checked"]) && $_REQUEST["submit_mult"] == "remove_pages") {
check_ticket('list-pages');
include_once ("tiki-pagesetup.php");
// Now check permissions to remove the selected pages
if ($tiki_p_remove != 'y') {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment