From 5abaaf67d02da3ff489cc1fecb84562cac97c868 Mon Sep 17 00:00:00 2001
From: Albert S
Date: Mon, 21 Sep 2020 21:44:26 +0200
Subject: [PATCH] HandlerPageView: Prevent viewing older revisions if not allowed
---
 handlers/handlerpageview.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/handlers/handlerpageview.cpp b/handlers/handlerpageview.cpp
index ab3cbaa..84ef242 100644
--- a/handlers/handlerpageview.cpp
+++ b/handlers/handlerpageview.cpp
@@ -90,6 +90,10 @@ Response HandlerPageView::handleRequest(PageDao &pageDao, std::string pagename,
 {
 if(revisionid > 0)
 {
+ if(!effectivePermissions(pagename).canSeePageHistory())
+ {
+ return errorResponse("Error", "You are not allowed to view older revisions of this page");
+ }
 revision = this->database->createRevisionDao()->getRevisionForPage(pagename, revisionid);
 if(!revision)
 {
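Review bot: The new `canSeePageHistory()` check guards only the `revisionid > 0` branch of `handleRequest`, while the lookup it protects, `getRevisionForPage(pagename, revisionid)`, stays callable without it. Any other handler that loads a revision by id (none is visible in this hunk) would need the same check, so it is worth confirming those paths or moving the check next to the lookup. Placing the check before the lookup is right, since a denied user gets the same answer whether or not the revision exists; a comment such as `// Permission check must precede the lookup so the response does not reveal which revision ids exist` would keep a later refactor from reordering it. Whether `errorResponse` sets a 403 status is not visible here; if it does not, denied requests will be hard to tell apart from normal page views in access logs. The body of `handleRequest` starts and ends outside the hunk.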