crtxcr/qswiki
1
0
Fork 0
Code Issues 21 Pull Requests 1 Releases Activity

HandlerPageView: Add misisng check whether passed revision is most recent

Browse Source
This commit is contained in:
Albert S. 2021-03-16 21:05:59 +01:00
parent e4562809a0
commit 2aa11fc2b2
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
handlers/handlerpageview.cpp
View File

@ -92,7 +92,11 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
{ {
if(!effectivePermissions(pagename).canSeePageHistory()) if(!effectivePermissions(pagename).canSeePageHistory())
{ {
return errorResponse("Error", "You are not allowed to view older revisions of this page"); auto current = this->database->createRevisionDao()->getCurrentForPage(pagename);
if(current && current->revision > revisionid)
{
return errorResponse("Error", "You are not allowed to view older revisions of this page");
}
} }
revision = this->database->createRevisionDao()->getRevisionForPage(pagename, revisionid); revision = this->database->createRevisionDao()->getRevisionForPage(pagename, revisionid);
if(!revision) if(!revision)