From 63773904ba897df090aab60fbf1598ae47775fe8 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Mon, 12 Sep 2005 16:30:27 +0200
Subject: [PATCH] added missing ACL checks for new index based searches

darcs-hash:20050912143027-7ad00-b2f3165d8db7122a453ecc63ad031af4467f691f.gz
---
 inc/fulltext.php | 28 ++++++++++++++++++++++++++++
 inc/indexer.php | 3 +++
 2 files changed, 31 insertions(+)

diff --git a/inc/fulltext.php b/inc/fulltext.php
index ff29f9deb..3940bc0c4 100644
--- a/inc/fulltext.php
+++ b/inc/fulltext.php
@@ -70,6 +70,15 @@ function ft_pageSearch($query,&$poswords){
 if(!count($docs)) return array();
+ // check ACL permissions
+ foreach(array_keys($docs) as $doc){
+ if(auth_quickaclcheck($doc) < AUTH_READ){
+ unset($docs[$doc]);
+ }
+ }
+
+ if(!count($docs)) return array();
+
 // if there are any hits left, sort them by count
 arsort($docs);
@@ -114,6 +123,15 @@ function ft_backlinks($id){
 }
 }
+ if(!count($result)) return $result;
+
+ // check ACL permissions
+ foreach(array_keys($result) as $idx){
+ if(auth_quickaclcheck($result[$idx]) < AUTH_READ){
+ unset($result[$idx]);
+ }
+ }
+
 sort($result);
 return $result;
 }
@@ -145,6 +163,16 @@ function ft_pageLookup($id,$pageonly=true){
 continue;
 }
 }
+
+ if(!count($pages)) return array();
+
+ // check ACL permissions
+ foreach(array_keys($pages) as $idx){
+ if(auth_quickaclcheck($pages[$idx]) < AUTH_READ){
+ unset($pages[$idx]);
+ }
+ }
+
 sort($pages);
 return $pages;
 }
diff --git a/inc/indexer.php b/inc/indexer.php
index ce58f47a7..747463d0f 100644
--- a/inc/indexer.php
+++ b/inc/indexer.php
@@ -199,6 +199,9 @@ function idx_writeIndexLine($fh,$line,$pid,$count){
 * Takes an array of word and will return a list of matching
 * documents for each one.
 *
+ * Important: No ACL checking is done here! All results are
+ * returned, regardless of permissions
+ *
 * @author Andreas Gohr <andi@splitbrain.org>
 */
 function idx_lookup($words){
-- GitLab
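Review bot: The ACL filter added to ft_pageSearch() after the first `if(!count($docs)) return array();` is repeated almost verbatim in the ft_backlinks() and ft_pageLookup() hunks of inc/fulltext.php, so the permission check lives in three hand-copied loops and a future index-based search can omit it and fail open. I would move it into one helper that takes the page ids and returns only those for which `auth_quickaclcheck($id) >= AUTH_READ` holds, and call that helper from all three functions. ft_pageSearch() starts and ends outside the hunk, so it is not visible whether the by-reference `$poswords` is filled from pages that this filter later removes; that is worth confirming.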
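Review bot: The warning added to the idx_lookup() docblock in inc/indexer.php states that results are unfiltered but not what a caller must do with them. I would put the required step into the comment itself, for example `* Callers must drop every page where auth_quickaclcheck($id) < AUTH_READ before using the result`. The body of idx_lookup() is outside the hunk, so whether other index functions that return page ids need the same warning cannot be judged from here.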