View Issue Details

IDProjectCategoryView StatusLast Update
0005842Simple:Presscode - filterspublic2017-09-15 07:14
ReporterMr PapaAssigned ToMr Papa 
PriorityhighSeverityN/AReproducibilityhave not tried
Status closedResolutionfixed 
Product Version5.7.6 
Target Version5.8Fixed in Version5.8 
Summary0005842: preview of post with image throws notice and improper auth check
Descriptionunsure if this is preview plugin or core issue... in the end, may affect both... the problem shows itself when previewing a post with an embedded image (say from file uploader)...

the post preview calls function fprmat_image in class sp-api-class-spcdisplayfilters.php...

these lines in that method throw a notice and improper auth check for these lines of code:

        $forum_id = (!empty(SP()->rewrites->pageData['forumid'])) ? SP()->rewrites->pageData['forumid'] : '';
        if (!SP()->auths->get('can_view_images', $forum_id, SP()->user->thisUser->ID)) {


basically, for preview (since ajax), the forum ID checked in SP()->rewrites->pageData['forumid'] is not set up... in 5.7, this would have been a check for $spVars['forumid'] which we know is not set up for ajax stuff...

hence the forum id becomes '' and a notice is thrown.. additionally, the forum id auth check is now done global instead of the correct forum... of course, this is only problem is the user posting an image cannot view images which is highly unlikely...

still, we should fix this...
TagsNo tags attached.
change_log_textcorrect forum id passing to image filters for preview
typedefect

Activities

svn

svn

2017-09-04 19:23

administrator   ~0019627

Changeset [15547] by steve on 2017-09-04 15:23:39 -0400 (Mon, 04 Sep 2017)

test issue 0005842 correct forum id passing to image filters for preview

 Changed Files:

U plugins/plupload/library/sp-plupload-components.php
U plugins/post-preview/ajax/sp-ajax-preview.php
U plugins/post-preview/resources/jscript/sp-preview-dev.js
U plugins/post-preview/resources/jscript/sp-preview.js

 Differences:

 http://websvn.simple-press.com/revision.php?repname=Simple:Press&path=%2F&rev=15547

Issue History

Date Modified Username Field Change
2017-08-15 02:45 Mr Papa New Issue
2017-08-15 02:45 Mr Papa Priority normal => high
2017-09-04 19:13 Mr Papa Assigned To => Mr Papa
2017-09-04 19:13 Mr Papa Status new => assigned
2017-09-04 19:23 svn =>
2017-09-04 19:23 svn Note Added: 0019627
2017-09-04 19:23 svn Status assigned => testing
2017-09-15 07:14 Mr Papa Status testing => closed
2017-09-15 07:14 Mr Papa Resolution open => fixed
2017-09-15 07:14 Mr Papa Fixed in Version => 5.8
2017-09-15 07:14 Mr Papa change_log_text update => correct forum id passing to image filters for preview